b'\x0c             Message from the Inspector General\n\n        On behalf of the Office of Inspector General (OIG) of the Board of Governors of the\nFederal Reserve System (Board) and the Consumer Financial Protection Bureau (CFPB), I am\npleased to present our Semiannual Report to Congress highlighting our accomplishments and\nongoing work for the six-month period ending March 31, 2012. This is a dynamic time for both\nagencies, as well as the OIG, and we are proud of the work that we have performed and the\nreports we have issued.\n\n        Of particular note this reporting period, we issued our Inquiry into Allegations of Undue\nPolitical Interference with Federal Reserve Officials Related to the 1972 Watergate Burglary\nand Iraq Weapons Purchases during the 1980s; three failed bank reviews, with associated\nestimated losses to the Deposit Insurance Fund of $653.9 million; the financial statement audits\nfor the Board and the Federal Financial Institutions Examination Council, both of which received\n\xe2\x80\x9cclean,\xe2\x80\x9d unqualified opinions; and our annual Federal Information Security Management Act of\n2002 audit reports for the Board and the CFPB. Further, during this reporting period the\npresident and chief executive officer of Orion Bank entered a guilty plea to a criminal\ninformation in which he was charged with conspiring to commit bank fraud, misapplying bank\nfunds, making false entries in the bank\xe2\x80\x99s books and records, and obstructing a bank examination.\n\n         The OIG also issued its 2012 annual plan after conducting extensive risk analysis that\nincluded meetings with Board and CFPB officials to gain their insight on the most significant\nchallenges and issues facing their programs and operations. The OIG also engaged in extensive\nstrategic planning meetings internally to draw upon the experience and expertise of our\nemployees. The resultant annual plan provides for cross-cutting oversight of the Board and the\nCFPB to help ensure the economy, efficiency, and effectiveness of the agencies\xe2\x80\x99 programs and\nactivities. Our annual plan is posted on our website at\nhttp://m-fwapp3p.frb.gov/OIG/strategicPlan/2012%20Annual%20Plan_02-10-12_web.pdf.\n\n       To assist us in providing appropriate oversight of the Board\xe2\x80\x99s and the CFPB\xe2\x80\x99s programs\nand activities, the OIG is expanding its staff, as well as establishing regional offices, to enable\nmore timely and effective coverage of audit, inspection, and investigative matters occurring\noutside of the Washington, D.C., area. We are working to establish regional offices in New\nYork, Chicago, San Francisco, and Miami, and we hope to have them all operational this\ncalendar year.\n\n       I want to express my appreciation to the Board and the CFPB for their cooperation and\nsupport of the work of the OIG.\n\n                                             Sincerely,\n\n\n\n                                            Mark Bialek\n                                         Inspector General\n                                           April 30, 2012\n\x0c\x0cOffice of Inspector General\n\n\n\n\nSemiannual Report to Congress\n    October 1, 2011\xe2\x80\x93March 31, 2012\n\x0c\x0cTable of Contents\n                                                                                                                    Page\nHighlights.................................................................................................................1\n\nIntroduction ..............................................................................................................3\n\nOverview of the OIG\xe2\x80\x99s Strategic Plan 2011 \xe2\x80\x93 2015 ................................................5\n\nAudits and Attestations ............................................................................................6\n\nMultidisciplinary Work at the Board .....................................................................12\n\nInspections and Evaluations ...................................................................................14\n\nInformation on Nonmaterial Losses to the Deposit Insurance Fund,\nas Required by the Dodd-Frank Act ......................................................................26\n\nConsumer Financial Protection Bureau .................................................................27\n\nInvestigations .........................................................................................................29\n\nLegal Services ........................................................................................................34\n\nCommunications and Coordination .......................................................................35\n\nAppendixes\n\n   Appendix 1a\xe2\x80\x94Audit, Inspection, and Evaluation Reports Issued to the\n               Board with Questioned Costs during the Reporting Period .....39\n\n   Appendix 1b\xe2\x80\x94Audit, Inspection, and Evaluation Reports Issued to the\n               CFPB with Questioned Costs during the Reporting Period ......40\n\n   Appendix 2a\xe2\x80\x94Audit, Inspection, and Evaluation Reports Issued to the\n               Board with Recommendations that Funds Be Put to Better\n               Use during the Reporting Period ..............................................41\n\n   Appendix 2b\xe2\x80\x94Audit, Inspection, and Evaluation Reports Issued to the\n               CFPB with Recommendations that Funds Be Put to Better\n               Use during the Reporting Period ...............................................42\n\n   Appendix 3a\xe2\x80\x94OIG Reports to the Board with Recommendations that\n               Were Open during the Reporting Period ...................................43\n\n   Appendix 3b\xe2\x80\x94OIG Reports to the CFPB with Recommendations that\n               Were Open during the Reporting Period ...................................45\n\n\nSemiannual Report to Congress                                      i                                          April 2012\n\x0c   Appendix 4a\xe2\x80\x94Audit, Inspection, and Evaluation Reports Issued to the\n               Board during the Reporting Period ...........................................46\n\n   Appendix 4b\xe2\x80\x94Audit, Inspection, and Evaluation Reports Issued to the\n               CFPB during the Reporting Period ...........................................47\n\n   Appendix 5\xe2\x80\x94OIG Peer Reviews ......................................................................48\n\n   Appendix 6\xe2\x80\x94Cross-References to the IG Act..................................................49\n\nTable of Acronyms and Abbreviations ..................................................................51\n\n\n\n\nSemiannual Report to Congress                           ii                                  April 2012\n\x0cHighlights\nConsistent with our responsibilities under the Inspector General Act of 1978, as\namended (IG Act), and the Dodd-Frank Wall Street Reform and Consumer\nProtection Act (Dodd-Frank Act), the Office of Inspector General (OIG) continued\nto promote the integrity, economy, efficiency, and effectiveness of the programs\nand operations of the Board of Governors of the Federal Reserve System (Board)\nand the Consumer Financial Protection Bureau (CFPB). The following are\nhighlights of our work during this semiannual reporting period.\n\n    \xef\x82\xb7   Special Inquiry. We issued our final report on our Inquiry into\n        Allegations of Undue Political Interference with Federal Reserve Officials\n        Related to the 1972 Watergate Burglary and Iraq Weapons Purchases\n        during the 1980s. We initiated this inquiry in response to a request from\n        the then Chairman of the House Committee on Financial Services to the\n        Board for an investigation into allegations raised by a member of\n        Congress during the February 2010 Humphrey-Hawkins hearing. The\n        Board referred the request to our office for action. We performed this\n        inquiry to identify and assess any available evidence of undue political\n        interference with Federal Reserve officials related to the 1972 Watergate\n        burglary and Iraq weapons purchases during the 1980s. Regarding the\n        specific Watergate allegations, we did not find any evidence of undue\n        political interference with or improper actions by Federal Reserve officials\n        related to the cash found on the Watergate burglars. We also did not find\n        any evidence of undue political interference with Federal Reserve officials\n        or inaccurate responses by Board officials regarding an allegation that the\n        Federal Reserve officials \xe2\x80\x9cstonewalled\xe2\x80\x9d congressional members and staff\n        regarding the source of the cash found on the burglars. With regard to the\n        Iraq allegation, we did not find any evidence of undue political\n        interference with Federal Reserve officials or any indications that the\n        Federal Reserve facilitated a $5.5 billion loan to Saddam Hussein or Iraq\n        for weapons purchases during the 1980s. We also did not find evidence of\n        any loans between the Federal Reserve and Saddam Hussein or Iraq\n        during the 1980s.\n\n    \xef\x82\xb7   Failed Bank Reviews. We completed three failed bank reviews during\n        the reporting period, with associated total estimated assets of $2.0 billion\n        and losses to the Deposit Insurance Fund (DIF) of $653.9 million. For\n        each bank reviewed, we identified the causes of the failure, supervisory\n        issues/concerns, and lessons learned from the failure.\n\n    \xef\x82\xb7   Financial Statement Audits. We issued the financial statement audits for\n        the Board and the Federal Financial Institutions Examination Council\n        (FFIEC), both of which received \xe2\x80\x9cclean,\xe2\x80\x9d unqualified opinions. We\n        contracted with Deloitte & Touche LLP, an independent public accounting\n        firm, to conduct the audits, and we oversaw its work.\n\n\n\n\nSemiannual Report to Congress             1                                 April 2012\n\x0c    \xef\x82\xb7   Annual Information Security Audits. We completed our annual Federal\n        Information Security Management Act of 2002 (FISMA) audits of the\n        Board and the CFPB. We found that the Board continued to maintain a\n        FISMA-compliant approach to its Information Security Program.\n        Regarding the CFPB, we found that it is relying on the Information\n        Security Program and computer systems of the Department of the\n        Treasury (Treasury), and we relied on the FISMA work of the Treasury\n        OIG to avoid duplication of effort. KPMG LLC, an independent certified\n        public accounting firm, conducted the Treasury OIG\xe2\x80\x99s 2011 FISMA audit\n        and concluded that Treasury\xe2\x80\x99s Information Security Program and practices\n        for its non-Internal Revenue Service bureaus\xe2\x80\x99 unclassified systems were\n        generally consistent with the requirements of FISMA.\n\n    \xef\x82\xb7   Bank President Pleads Guilty. The president and chief executive officer\n        of Orion Bank entered a guilty plea to a criminal information in which he\n        was charged with conspiring to commit bank fraud, misapplying bank\n        funds, making false entries in the bank\xe2\x80\x99s books and records, and\n        obstructing a bank examination. The charges relate to his role in a scheme\n        to lend $82 million to \xe2\x80\x9cstraw\xe2\x80\x9d borrowers acting on behalf of an Orion\n        Bank borrower who had reached the bank\xe2\x80\x99s legal lending limit.\n        Additionally, the loans concealed $15 million in bank funds to be used for\n        the purchase of Orion stock by the above-mentioned borrower, in violation\n        of banking laws and regulations.\n\n\n\n\nSemiannual Report to Congress           2                               April 2012\n\x0cIntroduction\nCongress established the OIG as an independent oversight authority within the\nBoard, the government agency component of the broader Federal Reserve System.\nIn addition, the Dodd-Frank Act established the OIG as the independent oversight\nauthority for the CFPB. Within this framework, the OIG conducts audits,\ninvestigations, and other reviews related to Board and CFPB programs and\noperations. By law, the OIG is not authorized to perform program functions.\n\nConsistent with the IG Act, our office, as the OIG for the Board and the CFPB,\n\n    \xef\x82\xb7 conducts and supervises independent and objective audits, investigations,\n      and other reviews related to Board and CFPB programs and operations\n\n    \xef\x82\xb7 promotes economy, efficiency, and effectiveness within the Board and the\n      CFPB\n\n    \xef\x82\xb7 helps prevent and detect fraud, waste, abuse, and mismanagement in\n      Board and CFPB programs and operations\n\n    \xef\x82\xb7 reviews existing and proposed legislation and regulations and makes\n      recommendations regarding possible improvements to Board and CFPB\n      programs and operations\n\n    \xef\x82\xb7 keeps the Board of Governors, the Director of the CFPB, and Congress\n      fully and timely informed\n\nCongress has also mandated additional responsibilities that influence the OIG\xe2\x80\x99s\npriorities, to include the following:\n\n    \xef\x82\xb7   Section 38(k) of the Federal Deposit Insurance Act (FDI Act) requires that\n        the OIG review failed financial institutions supervised by the Board that\n        result in a material loss to the DIF and produce a report within six months.\n        The Dodd-Frank Act amended section 38(k) of the FDI Act by raising the\n        materiality threshold, but also by requiring that the OIG report on the\n        results of any nonmaterial losses to the DIF that exhibit unusual\n        circumstances that warrant an in-depth review.\n\n    \xef\x82\xb7   Section 211(f) of the Dodd-Frank Act requires that the OIG review the\n        Board\xe2\x80\x99s supervision of any covered financial company that is placed into\n        receivership and produce a report that evaluates the effectiveness of the\n        Board\xe2\x80\x99s supervision, identifies any acts or omissions by the Board that\n        contributed to or could have prevented the company\xe2\x80\x99s receivership status,\n        and recommends appropriate administrative or legislative action.\n\n    \xef\x82\xb7   Section 989E of the Dodd-Frank Act established the Council of Inspectors\n        General on Financial Oversight (CIGFO), which comprises the Inspectors\n        General (IGs) of the Board, the Commodity Futures Trading Commission\n        (CFTC), the Department of Housing and Urban Development, Treasury,\n\nSemiannual Report to Congress            3                                April 2012\n\x0c        the Federal Deposit Insurance Corporation (FDIC), the Federal Housing\n        Finance Agency (FHFA), the National Credit Union Administration\n        (NCUA), and the Securities and Exchange Commission (SEC) and the\n        Special Inspector General for the Troubled Asset Relief Program\n        (SIGTARP). CIGFO is required to meet at least quarterly to share\n        information and discuss the ongoing work of each IG, with a focus on\n        concerns that may apply to the broader financial sector and ways to\n        improve financial oversight. Additionally, CIGFO is required to issue a\n        report annually that highlights the IGs\xe2\x80\x99 concerns and recommendations, as\n        well as issues that may apply to the broader financial sector.\n\n    \xef\x82\xb7   With respect to information technology (IT), FISMA established a\n        legislative mandate for ensuring the effectiveness of information security\n        controls over resources that support federal operations and assets.\n        Consistent with FISMA requirements, we perform an annual independent\n        evaluation of the Board\xe2\x80\x99s and the CFPB\xe2\x80\x99s Information Security Programs\n        and practices, including the effectiveness of security controls and\n        techniques for selected information systems.\n\n    \xef\x82\xb7   The USA Patriot Act of 2001, Public Law No. 107-56, grants the Board\n        certain federal law enforcement authorities. Our office serves as the\n        external oversight function for the Board\xe2\x80\x99s law enforcement program.\n\n    \xef\x82\xb7   Section 11B of the Federal Reserve Act mandates annual independent\n        audits of the financial statements of each Federal Reserve Bank and of the\n        Board. We oversee the annual financial statement audits of the Board, as\n        well as the FFIEC. (Under the Dodd-Frank Act, the Government\n        Accountability Office performs the financial statement audits of the\n        CFPB.) The FFIEC is a formal interagency body empowered to prescribe\n        uniform principles, standards, and report forms for the federal examination\n        of financial institutions by the Board, the FDIC, the NCUA, the Office of\n        the Comptroller of the Currency (OCC), and the CFPB and to make\n        recommendations to promote uniformity in the supervision of financial\n        institutions. In 2006, the State Liaison Committee was added to the\n        FFIEC as a voting member. The State Liaison Committee includes\n        representatives from the Conference of State Bank Supervisors, the\n        American Council of State Savings Supervisors, and the National\n        Association of State Credit Union Supervisors.\n\n\n\n\nSemiannual Report to Congress         4                                  April 2012\n\x0cOverview of the OIG\xe2\x80\x99s Strategic Plan 2011 \xe2\x80\x93 2015\n\nThe following chart represents the structure of the OIG\xe2\x80\x99s strategic plan, which we\nupdated to incorporate, among other things, new requirements under the Dodd-\nFrank Act, including our responsibilities as the OIG for the CFPB.\n\n\n\n\nSemiannual Report to Congress               5                             April 2012\n\x0cAudits and Attestations\nThe Audits and Attestations program assesses aspects of the economy, efficiency,\nand effectiveness of Board and CFPB programs and operations. For example,\nAudits and Attestations conducts audits of (1) the Board\xe2\x80\x99s financial statements\nand financial performance reports; (2) the efficiency and effectiveness of\nprocesses and internal controls over agency programs and operations; (3) the\nadequacy of controls and security measures governing agency financial and\nmanagement information systems and the safeguarding of assets and sensitive\ninformation; and (4) compliance with applicable laws and regulations related to\nagency financial, administrative, and program operations. As mandated by the IG\nAct, OIG audits and attestations are performed in accordance with the\nGovernment Auditing Standards established by the Comptroller General. The\ninformation below summarizes OIG work completed during the reporting period\nand ongoing work that will continue into the next semiannual reporting period.\n\nCOMPLETED AUDIT WORK AT THE BOARD\n\nAudit of the Board\xe2\x80\x99s Financial Statements as of and for the Years Ended\nDecember 31, 2011 and 2010, and Audit of the FFIEC\xe2\x80\x99s Financial Statements\nas of and for the Years Ended December 31, 2011 and 2010\n\nThe OIG contracts with an independent public accounting firm to annually audit\nthe financial statements of the Board and the FFIEC. (The Board performs the\naccounting function for the FFIEC.) The accounting firm, currently Deloitte &\nTouche LLP, performs the audits to obtain reasonable assurance that the financial\nstatements are free of material misstatement. The OIG oversees the activities of\nthe contractor to ensure compliance with generally accepted government auditing\nstandards and Public Company Accounting Oversight Board auditing standards\nrelated to internal controls over financial reporting. The audits include\nexamining, on a test basis, evidence supporting the amounts and disclosures in the\nfinancial statements. The audits also include an assessment of the accounting\nprinciples used and significant estimates made by management, as well as an\nevaluation of the overall financial statement presentation.\n\nIn the auditors\xe2\x80\x99 opinion, the Board\xe2\x80\x99s and the FFIEC\xe2\x80\x99s financial statements\npresented fairly, in all material respects, the financial position, results of\noperations, and cash flows of each entity as of December 31, 2011 and 2010, in\nconformity with accounting principles generally accepted in the United States. To\ndetermine the auditing procedures necessary to express an opinion on the\nfinancial statements, the auditors reviewed the Board\xe2\x80\x99s and the FFIEC\xe2\x80\x99s internal\ncontrol over financial reporting. For the third year, the auditors also expressed an\nopinion on the effectiveness of the Board\xe2\x80\x99s internal control over financial\nreporting based on the Public Company Accounting Oversight Board standards.\nIn the auditors\xe2\x80\x99 opinion, the Board maintained, in all material respects, effective\ninternal control over financial reporting as of December 31, 2011. With regard to\nthe FFIEC\xe2\x80\x99s internal control over financial reporting, the auditors noted no\n\n\nSemiannual Report to Congress                6                            April 2012\n\x0cmatters involving internal control over financial reporting that were considered\nmaterial weaknesses in accordance with Government Auditing Standards.\n\nAs part of obtaining reasonable assurance that the financial statements are free of\nmaterial misstatement, the auditors also performed tests of the Board\xe2\x80\x99s and the\nFFIEC\xe2\x80\x99s compliance with certain laws and regulations, since noncompliance with\nthese provisions could have a direct and material effect on the determination of\nthe financial statement amounts. The results of the auditors\xe2\x80\x99 tests disclosed no\ninstances of noncompliance that would be required to be reported under\nGovernment Auditing Standards.\n\nAudit of the Board\xe2\x80\x99s Information Security Program\n\nDuring this reporting period, we completed our annual audit of the Board\xe2\x80\x99s\nInformation Security Program and practices. The audit was performed pursuant\nto FISMA, which requires that each agency IG conduct an annual independent\nevaluation of the agency\xe2\x80\x99s Information Security Program and practices. Based on\nFISMA requirements, our specific audit objectives were to evaluate (1) the\nBoard\xe2\x80\x99s compliance with FISMA and related information security policies,\nprocedures, standards, and guidelines and (2) the effectiveness of security controls\nand techniques for a subset of the Board\xe2\x80\x99s information systems.\n\nIn accordance with Department of Homeland Security reporting requirements, our\nFISMA review included an analysis of the Board\xe2\x80\x99s information security\xe2\x80\x93related\nprocesses in the following areas: risk management, continuous monitoring\nmanagement, plans of action and milestones, identity and access management,\nremote access management, security configuration management, security training,\ncontractor oversight, contingency planning, incident response and reporting, and\nsecurity capital planning.\n\nOverall, we found that the Board\xe2\x80\x99s Chief Information Officer (CIO) continued to\nmaintain a FISMA-compliant approach to the Board\xe2\x80\x99s Information Security\nProgram that is generally consistent with National Institute of Standards and\nTechnology (NIST) and Office of Management and Budget (OMB) requirements.\nThe Information Security Officer (ISO) continued to issue and update information\nsecurity policies and guidelines. During 2011, the ISO developed an enterprise IT\nrisk assessment framework initiative and a continuous monitoring strategy and\nbegan to implement a new automated workflow support tool that will provide an\nautomated workflow method for documenting, reviewing, and approving the\nsecurity posture of all Board information systems. In addition, the ISO took\ncorrective actions in response to a number of open recommendations from our\nprior FISMA reports.\n\nAlthough progress has been made by the ISO to address the new NIST guidance\nregarding risk management, the enterprise IT risk assessment framework needs to\nbe fully implemented Boardwide and the automated workflow support tool needs\n\n\nSemiannual Report to Congress         7                                  April 2012\n\x0cto be fully operational for the Board to meet the requirements of NIST\xe2\x80\x99s\norganizationwide risk management approach. Our report contained a\nrecommendation that the CIO complete and fully implement the enterprise IT risk\nassessment framework Boardwide and ensure that the automated workflow\nsupport tool is fully operational to comply with updated NIST guidance on the\nnew Risk Management Framework.\n\nIn addition, our report included matters for management\xe2\x80\x99s consideration based on\nour analysis of the Board\xe2\x80\x99s contractor oversight and security capital planning\nprograms. While not specifically required by NIST or OMB, the following\nactions could help strengthen the Board\xe2\x80\x99s information security posture: (1) under\nthe Board\xe2\x80\x99s contractor oversight program, ensure that the Board\xe2\x80\x99s new automated\nworkflow tool for managing the security posture of all Board information systems\nincorporates appropriate security management information for third-party systems\noperated by Federal Reserve Banks on behalf of the Board and (2) under the\nBoard\xe2\x80\x99s security capital planning and investment program, to ensure adequate\ntracking of system security investments, enhance the Board\xe2\x80\x99s system development\nmethodology by clarifying steps to account and budget for security over the\nsystem life cycle and analyze how security capital planning information at the\nsystem and enterprise levels can be integrated into the IT performance dashboard\nto provide a more comprehensive understanding of the business value and\nperformance of the Board\xe2\x80\x99s information systems.\n\nUpon review of open recommendations from our prior FISMA reports, we\ndetermined that sufficient action had been taken to close the recommendations\nfrom our 2010 FISMA report. To transform the Board\xe2\x80\x99s certification and\naccreditation process into the NIST Risk Management Framework and implement\nnew NIST requirements for assessing security controls, our 2010 FISMA report\nincluded the following two recommendations to the CIO: (1) continue to develop\nand implement a Boardwide IT risk management strategy as required by NIST\nSpecial Publication 800-53, Revision 3, Recommended Security Controls for\nFederal Information Systems and Organizations (SP 800-53), Program\nManagement family of controls and (2) as additional NIST and OMB guidance is\nissued and becomes effective, develop a continuous monitoring strategy and\nimplement a continuous monitoring program as required by SP 800-53, Security\nAssessment and Authorization family of controls. Because the ISO developed\nand began implementing an enterprise IT risk assessment framework within the\nDivision of Information Technology, we closed out the first recommendation.\nWith the ISO issuing a continuous monitoring strategy and beginning the\nimplementation of an expanded continuous monitoring program, we also closed\nthe second recommendation.\n\nOur 2010 FISMA report also included a recommendation that the CIO identify all\nIT services provided by organizations other than the Board and determine whether\nthey need to be accredited as a third-party contractor system or as part of an\n\n\n\nSemiannual Report to Congress        8                                 April 2012\n\x0cexisting general support system or major application. The CIO has taken\nsufficient actions to close this recommendation.\n\nIn addition, given the new NIST guidance regarding risk management that\nincorporates risk assessment, we closed a recommendation from our 2008 FISMA\nreport that the CIO ensure that risk assessments are adequately identifying,\nevaluating, and documenting the level of risk to information systems based on\npotential threats, vulnerabilities, and currently implemented or planned controls,\nto determine whether additional controls are needed.\n\nThe Director of the Board\xe2\x80\x99s Division of Information Technology, in her capacity\nas the CIO, agreed with our 2011 recommendation that the CIO complete and\nfully implement the enterprise IT risk assessment framework Boardwide and\nensure that the automated workflow support tool is fully operational for the Board\nto be compliant with updated NIST guidance on risk management. We will\ncontinue to monitor the ISO\xe2\x80\x99s actions in implementing the enterprise IT risk\nassessment framework Boardwide, which include improving overall risk\nassessments.\n\nSecurity Control Review of the National Remote Access Services System\n\nDuring this reporting period, we completed our security control review of the\nFederal Reserve System\xe2\x80\x99s National Remote Access Services (NRAS) system.\nThe Board and the 12 Federal Reserve Banks use NRAS to remotely access Board\nand Federal Reserve Bank information systems. Our objectives were to evaluate\nthe effectiveness of selected security controls and techniques to ensure that the\nBoard maintains a remote access program that is generally compliant with FISMA\nrequirements.\n\nOverall, our review found that NRAS is technically and operationally sound and\nthat the Board has developed an adequate process to administer the token keys for\nBoard personnel. However, we identified opportunities to strengthen information\nsecurity controls to help ensure that NRAS meets FISMA requirements.\n\nIn comments on a draft of our report, the Director of the Board\xe2\x80\x99s Division of\nInformation Technology generally agreed with our recommendations and outlined\ncorrective actions.\n\nONGOING AUDIT WORK AT THE BOARD\n\nAudit of the Board\xe2\x80\x99s Government Travel Card Program\n\nDuring this reporting period, we completed our fieldwork and began drafting the\nreport for our review of the Board\xe2\x80\x99s government travel card program. The Board\nparticipates in the General Services Administration\xe2\x80\x99s SmartPay2 government\ntravel card program. Our overall objective is to evaluate the effectiveness of the\n\n\nSemiannual Report to Congress         9                                  April 2012\n\x0cBoard\xe2\x80\x99s controls over the travel card program. We are assessing whether controls\n(1) effectively provide reasonable assurance that cards are properly issued,\nadministered, and controlled; (2) detect and prevent unauthorized or fraudulent\ntransactions in a timely manner; and (3) adequately ensure proper use of the cards\nin accordance with Board policy and procedures. We expect to issue our final\nreport during the next semiannual reporting period.\n\nAudit of the Board\xe2\x80\x99s Purchase Card Program\n\nDuring this reporting period, we began a control review of the Board\xe2\x80\x99s purchase\ncard program. The program is part of a governmentwide charge card program\nadministered by the General Services Administration to reduce the administrative\ncost of acquiring low-cost, standard items. The purchase card program\nstreamlines business processes for certain government purchases as well as the\nprocesses for certifying and approving purchases. The Board adopted the use of\npurchase cards in 1995. The objective for this review is to determine whether\ncontrols are in place to prevent fraud and abuse. Specifically, we are evaluating\nthe adequacy of procedures for issuing purchase cards and ensuring their proper\nuse, and we are evaluating cardholders\xe2\x80\x99 compliance with current Board policies.\nWe expect to complete our review during the next semiannual reporting period.\n\nAudit of the Board\xe2\x80\x99s Internal Control Processes\n\nDuring this reporting period, we completed our initial data-gathering and scoping\neffort of the internal control process of the Board\xe2\x80\x99s Management Division. Based\non our scoping work, we have begun an audit of the Board\xe2\x80\x99s internal control\nprocesses across divisions. The objective of this audit is to assess the processes\nfor establishing, maintaining, and monitoring internal control within the Board.\nA properly designed and effectively implemented internal control process should\nprovide reasonable assurance that policies are followed and objectives are met;\nprograms achieve their intended results; resource use is consistent with laws,\nregulations, and policies; and reliable information is obtained, maintained,\nreported, and used for decisionmaking. We expect to complete our review during\nthe next semiannual reporting period.\n\nSecurity Control Review of FISMA Assets Maintained by the Federal Reserve\nBank of Richmond\n\nWe completed the fieldwork and issued a draft report on a security control review\nof two Lotus Notes applications listed on the Board\xe2\x80\x99s FISMA inventory and\nmaintained by the Federal Reserve Bank of Richmond. The two database\napplications are used by the Federal Reserve Bank of Richmond to support bank\nexaminations. Our review objectives are to (1) evaluate the effectiveness of\nselected security controls and techniques for protecting the two Lotus Notes\napplications from unauthorized access, modification, or destruction and (2) assess\n\n\n\nSemiannual Report to Congress        10                                  April 2012\n\x0ccompliance with the Board\xe2\x80\x99s Information Security Program. We plan to issue the\nfinal report in the next semiannual reporting period.\n\nAudit of the Board\xe2\x80\x99s Continuity/Disaster Recovery Program for Its Information\nSystems\n\nWe completed the fieldwork and began drafting our report on the Board\xe2\x80\x99s\ncontinuity/disaster recovery program for its information systems. Our audit\nobjective is to determine whether the Board is maintaining a program that is\ngenerally consistent with NIST and OMB FISMA guidance. To accomplish this\nobjective, we developed a tailored control assessment program based on the\nContingency Planning family of information security controls in NIST SP 800-53.\nWe expect to complete our review during the next semiannual reporting period.\n\nSecurity Control Review of the Office of Employee Benefits\xe2\x80\x99 Information\nSystems\n\nWe continued our fieldwork related to a security control review of information\nsystems of the Federal Reserve System\xe2\x80\x99s Office of Employee Benefits (OEB).\nOur overall objective is to determine whether the OEB and its contractors are\nmaintaining a program that is generally consistent with related NIST and OMB\nFISMA guidance. Our specific control review objective is to evaluate the\nadequacy of control techniques for protecting Board data in the information\nsystems from unauthorized access, modification, destruction, or disclosure. We\nare using the Board\xe2\x80\x99s Information Security Program and related NIST FISMA\nguidance as criteria. We expect to complete our review during the next\nsemiannual reporting period.\n\nSecurity Control Review of the National Examination Database System\n\nWe began a security control review of the National Examination Database system.\nThe National Examination Database system is listed as a major application on the\nBoard\xe2\x80\x99s FISMA inventory for the Division of Banking Supervision and\nRegulation (BS&R). Our specific control review objective is to evaluate the\nadequacy of certain control techniques designed to protect data in the system from\nunauthorized access, modification, destruction, or disclosure. We will use the\nBoard\xe2\x80\x99s Information Security Program, FISMA requirements, and applicable\nNIST guidelines as criteria.\n\nAudit of the Board\xe2\x80\x99s Progress in Developing Enhanced Prudential Standards\nand Monitoring of Potential Systemic Risks\n\nDuring this period, we issued for Board comment a draft management letter on\nBS&R\xe2\x80\x99s approach to developing enhanced prudential standards. We also drafted\na report on the Board\xe2\x80\x99s actions to analyze potential risks related to mortgage\nforeclosures. The Dodd-Frank Act charged the Board with significant\n\n\nSemiannual Report to Congress        11                                 April 2012\n\x0cresponsibilities, including the development of complex rulemakings, many in\nconjunction with other federal financial regulatory agencies. The act gave the\nBoard important new authorities to support financial stability, including the\nresponsibility for developing enhanced prudential standards for supervising large\nbank holding companies with total consolidated assets of $50 billion or more and\nsystemically important nonbank financial companies designated by the Financial\nStability Oversight Council (FSOC).\n\nOur objectives are to assess (1) BS&R\xe2\x80\x99s approach to developing enhanced\nprudential standards for large bank holding companies, including standards that\nwould apply to any nonbank financial company that FSOC designates as\nsystemically important, and (2) the Board\xe2\x80\x99s activities in response to potential risks\nrelated to mortgage foreclosures. We expect to finalize and issue our\nmanagement letter and audit report in the next reporting period.\n\nSecurity Control Review of the Board\xe2\x80\x99s Public Website\n\nWe issued for Board comment a revised draft report on our security control\nreview of the Board\xe2\x80\x99s public website (Pubweb). Pubweb is listed as a major\napplication on the Board\xe2\x80\x99s FISMA inventory for the Office of Board Members.\nPubweb provides the public with information about the mission and work of the\nBoard. Our audit objectives are to evaluate the effectiveness of selected security\ncontrols and techniques for protecting Pubweb from unauthorized access,\nmodification, or destruction and to ensure compliance with the Board\xe2\x80\x99s\nInformation Security Program.\n\nAfter the end of the reporting period, we received written comments from the\nDirector of the Board\xe2\x80\x99s Division of Information Technology and the Assistant to\nthe Board for the Office of Board Members, who stated that they generally agree\nwith the recommendations in our report. We anticipate issuing our final report in\nthe near future.\n\nMultidisciplinary Work at the Board\nInquiry into Allegations of Undue Political Interference with Federal Reserve\nOfficials Related to the 1972 Watergate Burglary and Iraq Weapons Purchases\nduring the 1980s\n\nIn this reporting period, we issued our final report on our Inquiry into Allegations\nof Undue Political Interference with Federal Reserve Officials Related to the\n1972 Watergate Burglary and Iraq Weapons Purchases during the 1980s. We\ninitiated this inquiry in response to a request from the then Chairman of the House\nCommittee on Financial Services to the Board for an investigation into allegations\nraised by a member of Congress, Representative Ron Paul, during the February\n2010 Humphrey-Hawkins hearing before the committee, which the Board referred\nto our office.\n\n\nSemiannual Report to Congress          12                                  April 2012\n\x0cWe performed this inquiry to identify and assess any available evidence of undue\npolitical interference with Federal Reserve officials related to the 1972 Watergate\nburglary and Iraq weapons purchases during the 1980s. In assessing undue\npolitical interference, our review sought to identify any available evidence of the\nimproper use of the political process or political authority that could have affected\nthe conduct or decisionmaking of Federal Reserve officials. Based on our review\nof the February 2010 hearing record and discussions with the staffs of the then\ncommittee Chairman and Representative Paul, we focused our analysis on\nallegations that (1) the cash found on the Watergate burglars came through the\nFederal Reserve, (2) the Federal Reserve \xe2\x80\x9cstonewalled\xe2\x80\x9d congressional members\nand staff investigating the source of the cash found on the burglars, and (3) the\nFederal Reserve facilitated a $5.5 billion loan to Iraq for weapons purchases\nduring the 1980s.\n\nTo identify any evidence regarding these matters, we searched voluminous Board\nand Federal Reserve Bank archives, as well as congressional records. We\ninterviewed employees and examined documentation at the Board and on-site at\nthe Federal Reserve Banks of Philadelphia, Atlanta, and New York. Additionally,\nwe visited the Gerald R. Ford Presidential Library and Museum in Ann Arbor,\nMichigan, to review the library collection of Arthur Burns, Board Chairman at the\ntime of the Watergate burglary. In conducting our inquiry, we also reviewed\ndocuments and reports written by the Federal Bureau of Investigation (FBI), the\nGovernment Accountability Office, and the Department of Justice.\n\nWe did not find any evidence of undue political interference with Federal Reserve\nofficials related to the 1972 Watergate burglary or Iraq weapons purchases during\nthe 1980s. Specifically, related to the Watergate allegations, we did not find any\nevidence of undue political interference with or improper actions by Federal\nReserve officials related to the cash found on the Watergate burglars. We also did\nnot find any evidence of undue political interference with Federal Reserve\nofficials or inaccurate responses by Board officials regarding the allegation that\nthe Federal Reserve officials \xe2\x80\x9cstonewalled\xe2\x80\x9d congressional members and staff\nregarding the source of the cash found on the burglars. With regard to the Iraq\nallegation, we did not find any evidence of undue political interference with\nFederal Reserve officials or any indications that the Federal Reserve facilitated a\n$5.5 billion loan to Saddam Hussein or Iraq for weapons purchases during the\n1980s. We did not find evidence of any loans between the Federal Reserve and\nSaddam Hussein or Iraq during the 1980s.\n\nIn his comments on a draft of our report, the Board\xe2\x80\x99s General Counsel stated that\nour report confirmed past statements by Federal Reserve officials in relation to\nthese incidents, and he indicated his appreciation for the thoroughness of our\nreview. Our report did not contain any recommendations.\n\n\n\n\nSemiannual Report to Congress          13                                  April 2012\n\x0cInspections and Evaluations\nThe Inspections and Evaluations program encompasses OIG inspections, program\nevaluations, enterprise risk management activities, process design and life cycle\nevaluations, and legislatively mandated reviews of failed financial institutions that\nthe Board supervises. Inspections are generally narrowly focused on a particular\nissue or topic and provide time-critical analysis that cuts across functions and\norganizations. In contrast, evaluations are generally focused on a specific\nprogram or function and make extensive use of statistical and quantitative\nanalytical techniques. Evaluations can also encompass other preventive activities,\nsuch as reviews of system development life cycle projects and participation on\ntask forces and workgroups. OIG inspections and evaluations are performed\naccording to the Quality Standards for Inspection and Evaluation issued by the\nCouncil of the Inspectors General on Integrity and Efficiency (CIGIE).\n\nCOMPLETED INSPECTION AND EVALUATION WORK AT THE\nBOARD\n\nFailed Bank Reviews\n\n                             Section 38(k) of the FDI Act requires that the IG of\n                             the appropriate federal banking agency complete a\n                             review of the agency\xe2\x80\x99s supervision of a failed\n                             institution and issue a report within six months of\n                             notification from the FDIC IG when the projected\n                             loss to the DIF is material. Under section 38(k) of\n                             the FDI Act, as amended, a material loss to the DIF is\n                             defined as an estimated loss in excess of $200 million\nfor losses that occurred from January 1, 2010, through December 31, 2011. For\nthe period January 1, 2012, through December 31, 2013, a material loss to the DIF\nis defined as $150 million.\n\nThe material loss review provisions of section 38(k) require that the IG\n\n    \xef\x82\xb7   review the institution\xe2\x80\x99s supervision, including the agency\xe2\x80\x99s\n        implementation of prompt corrective action (PCA)\n\n    \xef\x82\xb7   ascertain why the institution\xe2\x80\x99s problems resulted in a material loss to the\n        DIF\n\n    \xef\x82\xb7   make recommendations for preventing any such loss in the future\n\nThe Dodd-Frank Act also establishes specific requirements for bank failures that\nresult in losses below the materiality threshold. In these situations, the IG must\nreview the failure to determine, among other things, whether the loss exhibits\nunusual circumstances that warrant an in-depth review. In such cases, the IG\nmust prepare a report in a manner consistent with the requirements of a material\nloss review. Pursuant to the Dodd-Frank Act, the IG must semiannually report\n\n\nSemiannual Report to Congress                14                             April 2012\n\x0cthe dates when each such review and report will be completed. If the IG\ndetermines that a loss did not involve unusual circumstances, the IG is required to\nprovide an explanation of its determination in the above-mentioned semiannual\nreport. The OIG has included its report on nonmaterial loss bank failures in this\nSemiannual Report to Congress (see page 26).\n\nAs shown in the table below, during this reporting period we issued three reports\non failed state member banks: two in which the loss to the DIF exceeded the\nmateriality threshold, and one in which the loss did not meet the materiality\nthreshold but presented unusual circumstances. These three banks had total assets\nof approximately $2.0 billion and total losses estimated at $653.9 million, or\napproximately 32.4 percent of total assets.\n\nFailed Bank Reviews Completed during the Reporting Period\n                                                                                   DIF\n                                                Federal                         Projected                       FDIC OIG\n                                                Reserve        Asset size         Loss           Closure       Notification\n  State Member Bank          Location            Bank         (in millions)   (in millions)        Date           Datea\n\n Legacy Bankb               Milwaukee,          Chicago          $225.1           $43.5        03/11/2011          N/A\n                               WI\n\n The Park Avenue           Valdosta, GA         Atlanta          $841.0          $326.1        04/29/2011       05/27/2011\n Bank\n\n First Chicago Bank         Chicago, IL         Chicago          $950.8          $284.3        07/08/2011       08/22/2011\n and Trust\n a. Date that our office received notification from the FDIC IG that the projected loss to the DIF would be material.\n b. Legacy Bank did not meet the materiality threshold; however, we determined that the bank\xe2\x80\x99s failure\n    presented unusual circumstances that warranted an in-depth review.\n\n\nLegacy Bank\n\nLegacy Bank (Legacy) began operations in July 1999 as a de novo state member\nbank headquartered in Milwaukee, Wisconsin. Legacy was supervised by the\nFederal Reserve Bank of Chicago (FRB Chicago) under delegated authority from\nthe Board, and by the State of Wisconsin Department of Financial Institutions\n(State). The State closed Legacy on March 11, 2011, and named the FDIC as\nreceiver. According to the FDIC, the bank\xe2\x80\x99s total assets at closing were\n$225.1 million, and its failure resulted in an estimated $43.5 million loss to the\nDIF. While the loss is beneath the materiality threshold, we conducted an in-\ndepth review after determining that Legacy\xe2\x80\x99s failure presented unusual\ncircumstances: Examiners concluded that bank officers engaged in unsafe and\nunsound banking practices, and the bank received $5.5 million in funds from the\nTreasury\xe2\x80\x99s Capital Purchase Program under the Troubled Asset Relief Program\n(TARP).\n\nLegacy failed because its board of directors and management did not adequately\ncontrol the risks associated with the bank\xe2\x80\x99s aggressive growth strategy, which\nfocused on lending in low- to moderate-income neighborhoods within the city of\n\n\nSemiannual Report to Congress                           15                                                   April 2012\n\x0cMilwaukee. The bank was a community development financial institution that\nprovided financial services to customers in an underserved community.\nManagement depended on noncore funding sources to support the bank\xe2\x80\x99s growth\nstrategy, which included providing loans to revitalize residential housing and\ncommercial properties in distressed neighborhoods in Milwaukee. As a result, the\nbank developed a concentration in commercial real estate (CRE) loans and\nbecame vulnerable to a downturn in the local economy. The failure of Legacy\xe2\x80\x99s\nboard of directors and management to implement risk management practices\ncommensurate with the bank\xe2\x80\x99s increased risk profile, coupled with a weakening\nreal estate market, led to rapid asset quality deterioration. Mounting losses\neliminated the bank\xe2\x80\x99s earnings and depleted capital, which prompted the State to\nclose Legacy and appoint the FDIC as receiver.\n\nWith respect to supervision, FRB Chicago complied with the examination\nfrequency guidelines for the 2006\xe2\x80\x932011 time frame we reviewed, conducted\nregular off-site monitoring, and implemented the applicable PCA provisions. Our\nanalysis of FRB Chicago\xe2\x80\x99s supervision of Legacy revealed that FRB Chicago\nidentified the bank\xe2\x80\x99s fundamental weaknesses, including ineffective board of\ndirectors oversight, poor internal controls, and a high concentration in CRE loans,\nbut did not take early, forceful supervisory action to address those weaknesses.\nSpecifically, we believe that the findings noted during a March 2008 full-scope\nexamination warranted stronger criticism, including CAMELS composite and\ncomponent rating downgrades.1 We also noted that FRB Chicago complied with\nthe process outlined in Treasury\xe2\x80\x99s evaluation guidance when Legacy\xe2\x80\x99s holding\ncompany applied for TARP funds in October 2008.\n\nWe believe that Legacy\xe2\x80\x99s failure offers lessons learned that can be applied when\nsupervising banks with similar characteristics. In our opinion, Legacy\xe2\x80\x99s failure\ndemonstrated the importance of (1) examiners assuring that management\nimplements credit risk management practices commensurate with the bank\xe2\x80\x99s\nstrategy and risk profile, including CRE concentration levels, and (2) supervisors\nassigning CAMELS composite and component ratings consistent with the\nexamination\xe2\x80\x99s findings and narrative examination comments.\n\nThe Director of BS&R concurred with our conclusions and lessons learned.\n\nThe Park Avenue Bank\n\nThe Park Avenue Bank (Park Avenue) was founded in 1956 in Valdosta, Georgia.\nIn 1982, the bank established a parent holding company, PAB Bankshares, Inc.\nPark Avenue became a state member bank in 2001 and was supervised by the\nFederal Reserve Bank of Atlanta (FRB Atlanta), under delegated authority from\n\n     1. The CAMELS acronym represents six components: capital adequacy, asset quality,\nmanagement practices, earnings performance, liquidity position, and sensitivity to market risk.\nEach component and overall composite score is assigned a rating of 1 through 5, with 1 indicating\nthe least regulatory concern and 5, the greatest concern.\n\nSemiannual Report to Congress               16                                         April 2012\n\x0cthe Board, and by the State of Georgia Department of Banking and Finance\n(State). The State closed Park Avenue on April 29, 2011, and appointed the FDIC\nas receiver. The FDIC OIG notified our office that Park Avenue\xe2\x80\x99s failure would\nresult in an estimated loss to the DIF of $326.1 million, or 39 percent of the\nbank\xe2\x80\x99s $841.0 million in total assets at closing. The FDIC subsequently revised\nits estimated loss to the DIF to exclude $20.0 million in debt issued by the holding\ncompany under the FDIC\xe2\x80\x99s Temporary Liquidity Guarantee Program.\n\nPark Avenue failed because its board of directors and management did not\nadequately control the risks associated with the bank\xe2\x80\x99s growth strategy. The\nbank\xe2\x80\x99s strategy involved higher-risk CRE lending and expansion into new\nmarkets, which resulted in a concentration in construction, land, and land\ndevelopment (CLD) loans that made the bank particularly vulnerable to real estate\nmarket declines. The board of directors\xe2\x80\x99 and management\xe2\x80\x99s failure to establish\ncredit risk management practices commensurate with the risks of CRE lending,\ncoupled with high concentrations and weakening real estate markets, led to rapid\nasset quality deterioration. Mounting losses depleted earnings and eroded capital,\nwhich prompted the State to close Park Avenue and appoint the FDIC as receiver.\n\nWith respect to supervision, FRB Atlanta complied with the examination\nfrequency guidelines for the time frame we reviewed, 2001 through 2011, and\nconducted regular off-site monitoring. However, our analysis revealed that\nReserve Bank staff had opportunities to engage in more aggressive supervisory\nactivities when signs of credit risk management weaknesses persisted. In our\nopinion, the bank\xe2\x80\x99s failure to establish basic credit administration practices in\nearlier years should have served as a warning sign for examiners that the bank\nlacked credit administration practices commensurate with the high risk in its loan\nportfolio, especially as its CRE and CLD concentrations increased. Supervisory\ncriticisms of credit risk management diminished as asset quality ratios and\nearnings performance improved in 2003, despite continued weaknesses and few\nsigns that credit risk management had improved in proportion with the heightened\nrisk in the loan portfolio. Although Park Avenue did not appropriately identify,\nmonitor, and limit the risk in its loan portfolio, examiners rated the bank\nsatisfactory from 2003 through 2007 based, in part, on the bank\xe2\x80\x99s strong earnings\nand low level of classified assets. In our opinion, FRB Atlanta should have been\nmore aggressive in its supervisory activities when signs of credit risk management\nweaknesses persisted, regardless of the bank\xe2\x80\x99s financial performance.\nSpecifically, it should not have upgraded the bank\xe2\x80\x99s CAMELS composite rating\nin 2003 or terminated a 2003 board resolution before Park Avenue had clearly\ndemonstrated that it had resolved its credit risk management deficiencies.\n\nFurther, we believe that FRB Atlanta should have held bank management\naccountable for not timely developing a CRE risk management program\nconsistent with the guidance outlined in Supervision and Regulation Letter 07-01,\nInteragency Guidance on Concentrations in Commercial Real Estate Lending,\n\n\n\nSemiannual Report to Congress         17                                  April 2012\n\x0cSound Risk Management Practices (SR Letter 07-01), especially given prior\nfundamental credit risk management weaknesses.\n\nWe believe that the lessons learned from Park Avenue\xe2\x80\x99s failure can be applied by\nthose supervising banks with similar characteristics and circumstances. Park\nAvenue\xe2\x80\x99s failure illustrates (1) the risks associated with a strategic focus on high-\nrisk loan products and expansion into new markets; (2) the importance of\nestablishing appropriate credit risk management practices, including concentration\nlimits and strong underwriting consistent with SR Letter 07-01 and the\nCommercial Bank Examination Manual, prior to pursuing higher-risk lending;\nand (3) the importance of scrutinizing any weaknesses in a function with\npreviously noted deficiencies and implementing aggressive supervisory action to\naddress those weaknesses.\n\nThe Director of BS&R concurred with our observations and lessons learned.\n\nFirst Chicago Bank and Trust\n\nFirst Chicago Bank and Trust (First Chicago) was created following the merger of\nLabe Bank and Bloomingdale Bank and Trust in November 2006. Labe Bank\nwas a savings bank established in 1905 in Chicago, Illinois, and became a state\nmember bank in 2006. Bloomingdale Bank and Trust was a state member bank\nestablished in 1991, and it operated in Bloomingdale, Illinois. First Chicago was\nsupervised by FRB Chicago, under delegated authority from the Board, and by the\nIllinois Department of Financial and Professional Regulation (State). The State\nclosed First Chicago on July 8, 2011, and appointed the FDIC as receiver. The\nFDIC OIG notified our office that First Chicago\xe2\x80\x99s failure would result in a\n$284.3 million loss to the DIF, or 29.9 percent of the bank\xe2\x80\x99s $950.8 million in\ntotal assets at closing.\n\nFirst Chicago failed because its board of directors and management did not\nadequately control the risks associated with the bank\xe2\x80\x99s aggressive lending\nstrategy, which focused on CRE loans, including CLD loans. The bank\xe2\x80\x99s\nbusiness strategy included loan growth through CRE lending, supported primarily\nby noncore funding sources, and resulted in a CRE concentration. The 2006\nmerger that led to the creation of First Chicago reduced the bank\xe2\x80\x99s CRE\nconcentration and helped diversify the bank\xe2\x80\x99s loan portfolio. Management\nplanned to further reduce the bank\xe2\x80\x99s concentration through loan diversification by\nincreasing lending in commercial and industrial loans. However, management\xe2\x80\x99s\nsubsequent efforts failed to reduce and adequately manage the bank\xe2\x80\x99s credit\nconcentration risks. First Chicago\xe2\x80\x99s CRE loan concentration, particularly in CLD\nloans, made the bank especially vulnerable to real estate market declines. First\nChicago\xe2\x80\x99s board of directors\xe2\x80\x99 and management\xe2\x80\x99s failure to effectively manage the\nbank\xe2\x80\x99s CRE and CLD credit risk, coupled with a declining real estate market, led\nto significant asset quality deterioration. Mounting losses depleted the bank\xe2\x80\x99s\n\n\n\nSemiannual Report to Congress          18                                  April 2012\n\x0cearnings and eroded capital, which prompted the State to close First Chicago and\nappoint the FDIC as receiver on July 8, 2011.\n\nWith respect to supervision, FRB Chicago complied with the examination\nfrequency guidelines for the 2007\xe2\x80\x932011 time frame we reviewed and conducted\nregular off-site monitoring. Our analysis of FRB Chicago\xe2\x80\x99s supervision of First\nChicago revealed that FRB Chicago had a number of opportunities to deliver a\nstronger supervisory response. We believe a stronger supervisory response\nrelated to the credit risk management of concentrations was warranted as early as\nits April 2008 examination. In addition, while we recognize that FRB Chicago\ndowngraded First Chicago\xe2\x80\x99s management CAMELS component rating in a June\n2009 examination, we believe that an April 2009 supervisory assessment\npresented an opportunity for stronger criticism of management\xe2\x80\x99s performance\nrelated to the bank\xe2\x80\x99s deteriorating condition. Further, we believe that First\nChicago\xe2\x80\x99s condition and management\xe2\x80\x99s inability to timely address identified\ndeficiencies called for stronger criticism in a June 2010 examination, including a\nmanagement component downgrade.\n\nWe believe that First Chicago\xe2\x80\x99s failure offers lessons learned that can be applied\nto supervising banks with similar characteristics and circumstances. First\nChicago\xe2\x80\x99s failure illustrates the importance of (1) timely implementation of a\nrobust credit risk assessment program designed to facilitate the identification and\nmanagement of concentrations, (2) closely monitoring and assessing management\nperformance, and (3) appropriately assigning management CAMELS ratings\ncommensurate with the issues identified during the examination.\n\nThe Director of BS&R concurred with our conclusions and lessons learned.\n\nTransfer of Office of Thrift Supervision Functions\n\nTitle III of the Dodd-Frank Act established provisions for the transfer of authority\nfrom the Office of Thrift Supervision (OTS) to the OCC, the FDIC, and the Board\nwithin one year after the July 21, 2010, date of the act\xe2\x80\x99s enactment. Under title\nIII, the Board received the functions and rulemaking authority for consolidated\nsupervision of savings and loan holding companies and their nondepository\nsubsidiaries. This transfer of OTS functions to the Board was effective on\nJuly 21, 2011.\n\nThe Dodd-Frank Act required that, within 180 days after its enactment, the OTS,\nthe OCC, the FDIC, and the Board jointly submit a plan (Joint Implementation\nPlan) to Congress and the IGs of Treasury, the FDIC, and the Board that detailed\nthe steps each agency would take to implement the title III provisions. The Joint\nImplementation Plan was submitted to Congress and the IGs on January 25, 2011.\nThe Dodd-Frank Act required that the IGs conduct a review to determine whether\nthe implementation plan conformed to the title III provisions. On March 28, 2011,\n\n\n\nSemiannual Report to Congress         19                                  April 2012\n\x0cthe IGs jointly issued a report concluding that the actions described in the Joint\nImplementation Plan generally conformed to the provisions of title III.2\n\nSection 327 of title III requires the IGs to report on the status of the\nimplementation of the Joint Implementation Plan every six months. The IGs have\nsubmitted two status reports to date: one on September 28, 2011, and the other on\nMarch 28, 2012. These joint reports, both titled Status of the Transfer of Office of\nThrift Supervision Functions, concluded that the Board, the FDIC, the OCC, and\nthe OTS have substantially implemented the actions in the plan to transfer OTS\nfunctions, employees, funds, and property to the Board, the FDIC, and the OCC,\nas appropriate. However, both reports noted that the Board was still undertaking\ncertain aspects of the plan, and the first report noted that certain other aspects\nwere not yet required to be completed as provided in title III.\n\nIn its written comments regarding the March 28, 2012, report, the Board stated\nthat it agreed with the IGs\xe2\x80\x99 conclusion.\n\nReview of the Division of Reserve Bank Operations and Payment Systems\xe2\x80\x99\nOversight of the Next Generation $100 Note\n\nDuring this reporting period, we completed a review of the Division of Reserve\nBank Operations and Payment Systems\xe2\x80\x99 (RBOPS\xe2\x80\x99s) oversight of the next\ngeneration (NXG) $100 note. The Board is the sole issuer of U.S. currency, and\nRBOPS (on behalf of the Board) is responsible for ensuring the high quality of the\nFederal Reserve notes that are printed by Treasury\xe2\x80\x99s Bureau of Engraving and\nPrinting (BEP). The NXG $100 note is the final denomination to be redesigned in\nthe NXG currency redesign project that began in 2000, and it includes the most\ncomplex anticounterfeiting security features ever incorporated into U.S. currency.\nWe began this review as a result of the Board\xe2\x80\x99s October 1, 2010, press release\nannouncing that it would delay issuing the NXG $100 note due to the increasing\nincidence of currency paper creasing during the printing process. Our review\nobjectives were to (1) assess RBOPS\xe2\x80\x99 oversight of the design and production of\nthe NXG $100 notes; (2) review the actions RBOPS has taken to address the\nprinting problems, which included contracting for an independent technical\nreview, and to enhance controls to minimize the likelihood of future printing\nproblems; and (3) assess plans for the disposition of NXG $100 notes that have\nalready been printed.\n\nOur analysis determined that actions taken by RBOPS appropriately addressed the\nidentified printing issues and enhanced controls to minimize the likelihood of\nfuture printing problems. In addition, we determined that RBOPS staff is\nparticipating in the assessment of plans for the disposition of the more than\n1.4 billion NXG $100 notes that have been printed. We identified three areas,\n\n\n    2. However, in response to a finding in the joint IGs\xe2\x80\x99 report, the Joint Implementation Plan\nwas amended in April 2011 to expand on the protections for transferred OTS employees.\n\nSemiannual Report to Congress                20                                         April 2012\n\x0chowever, in which RBOPS could strengthen oversight of the Federal Reserve note\ndesign and quality control production process:\n\n    \xef\x82\xb7   RBOPS staff should comply with requirements in a memorandum of\n        understanding (MOU) that details the authorities, responsibilities, and\n        understandings between RBOPS and the BEP, to include agreeing on a\n        limited initial production quantity of newly designed currency.\n\n    \xef\x82\xb7   The Interagency Currency Design workgroup, which provides technical\n        guidance on currency design and other subjects that affect U.S. currency,\n        should operate under an executed charter.\n\n    \xef\x82\xb7   The current MOU between the Board and the BEP should be updated and\n        expanded to incorporate the increased complexity of note design, quality\n        control, and production.\n\nOur report contained recommendations to address the absence of (1) an approved\nand signed Interagency Currency Design workgroup charter and (2) an updated\nMOU that incorporates increased design complexities. We did not make a\nrecommendation regarding compliance with requirements in the MOU because\nthe Board and the BEP entered into a NXG $100 note production validation\nagreement in September 2011 to ensure that all technical problems are identified\nand resolved prior to restarting full production.\n\nThe Director of RBOPS agreed with our recommendations and specified actions\nthat have been or will be taken to implement them.\n\nONGOING INSPECTION AND EVALUATION WORK AT THE BOARD\n\nFailed Bank Reviews\n\nAs discussed below, we are currently conducting three failed bank reviews.\nThese banks had total assets of approximately $2.8 billion and total losses to the\nDIF estimated at $628.0 million, or approximately 22.4 percent of total assets.\n\nBank of the Commonwealth\n\nOn September 23, 2011, the Commonwealth of Virginia State Corporation\nCommission, Bureau of Financial Institutions, closed Bank of the\nCommonwealth, headquartered in Norfolk, Virginia. At closure, the FDIC\nreported that Bank of the Commonwealth had approximately $974.9 million in\ntotal assets. On October 12, 2011, the FDIC OIG notified our office that the\nFDIC had estimated a $268.3 million loss to the DIF, which exceeds the statutory\nthreshold requiring us to conduct a material loss review. As such, we initiated a\nmaterial loss review, and we plan to issue our report by April 12, 2012.\n\n\n\nSemiannual Report to Congress         21                                  April 2012\n\x0cCommunity Banks of Colorado\n\nOn October 21, 2011, the Board appointed the FDIC as receiver for Community\nBanks of Colorado, located in Greenwood Village, Colorado. At the closure, the\nFDIC reported that Community Banks of Colorado had $1.3 billion in total assets.\nOn November 18, 2011, the FDIC OIG notified our office that the FDIC had\nestimated a $224.9 million loss to the DIF, which exceed the statutory threshold\nrequiring us to conduct a material loss review. As such, we initiated a material\nloss review, and we plan to issue our report by May 18, 2012.\n\nBank of Whitman\n\nOn August 5, 2011, the Washington Department of Financial Institutions closed\nBank of Whitman, headquartered in Colfax, Washington. At closure, the FDIC\nreported that Bank of Whitman had $548.6 million in total assets as of June 30,\n2011. On August 5, 2011, the FDIC estimated that the cost of the failure to the\nDIF would be $134.8 million, which did not meet the materiality threshold as\ndefined under section 38(k) of the FDI Act. However, we determined that Bank\nof Whitman\xe2\x80\x99s failure presents unusual circumstances warranting an in-depth\nreview because, among other factors, (1) senior bank officials allegedly colluded\nwith other banks in a scheme designed to increase capital and (2) a borrower with\nwhom Bank of Whitman had a substantial relationship was allegedly involved in a\nPonzi scheme that may have involved the use of bank funds. Bank of Whitman\nwas cited for several violations of Washington\xe2\x80\x99s legal lending limit, including\nloans made to this borrower. We expect to issue our report by September 2012.\n\n2012 Audit Survey of Board and CFPB Controls over Sensitive and Proprietary\nInformation Collected and Exchanged with FSOC\n\nThe Dodd-Frank Act created FSOC and CIGFO. FSOC is charged with\nidentifying threats to the financial stability of the country, promoting market\ndiscipline, and responding to emerging risks to the stability of the nation\xe2\x80\x99s\nfinancial system.3 As such, FSOC collects and manages sensitive information\nthat must be properly safeguarded against unauthorized disclosure. CIGFO,\nwhich comprises nine IGs of federal financial regulatory entities, was established\nto facilitate information sharing among its IG members; provide a forum for\ndiscussion of IG member work as it relates to the broader financial sector; and, by\n\n\n\n    3. Voting FSOC members include the Secretary of the Treasury, the Chairman of the Board,\nthe Comptroller of the Currency, the Director of the CFPB, the Chairman of the SEC, the\nChairperson of FDIC, the Chairperson of the CFTC, the Director of the FHFA, the Chairman of\nthe NCUA Board, and an independent member with insurance expertise. Nonvoting FSOC\nmembers include the Director of the Office of Financial Research, the Director of the Federal\nInsurance Office, a state insurance commissioner, a state banking supervisor, and a state securities\ncommissioner. The entities covered within the scope of this audit consist of FSOC, the Office of\nFinancial Research, the Federal Insurance Office, and FSOC member agencies with voting rights.\n\nSemiannual Report to Congress                 22                                         April 2012\n\x0ca majority vote, convene a Working Group to evaluate the effectiveness and\ninternal operations of FSOC.\n\nThis audit survey is examining the controls and protocols that FSOC and its\nmember agencies have implemented to properly safeguard sensitive FSOC-related\ninformation. As our part in accomplishing this objective, we will determine the\ncontrols and protocols that have been established by the Board and the CFPB to\nmanage sensitive and proprietary FSOC-related information. CIGFO will prepare\na consolidated report containing the results of the respective IG members.\n\nReview of the Unauthorized Disclosure of a \xe2\x80\x9cConfidential Staff Draft\xe2\x80\x9d of the\nVolcker Rule Notice of Proposed Rulemaking\n\nOn October 11, 2011, the Board, the FDIC, and the OCC issued press releases\nrequesting public comment on a notice of proposed rulemaking implementing the\nrequirements of section 619 of the Dodd-Frank Act.4 Section 619, which amends\nthe Bank Holding Company Act of 1956 (12 U.S.C. \xc2\xa7 1841 et seq.), contains two\nkey prohibitions on the activities of insured depository institutions, bank holding\ncompanies, and their subsidiaries or affiliates.5 The first prohibition precludes\nbanking entities from engaging in short-term proprietary trading of any security,\nderivative, and certain other financial instruments for a banking entity\xe2\x80\x99s own\naccount.6 The second prohibition precludes banking entities from owning,\nsponsoring, or having certain relationships with a hedge fund or private equity\nfund.7 These two prohibitions are commonly referred to as the \xe2\x80\x9cVolcker Rule.\xe2\x80\x9d8\nThe notice of proposed rulemaking to implement the Volcker Rule (referred to\nhereafter as the NPRM) has attracted considerable attention because the two\nprohibitions require adjustments to the business models of large, complex banking\norganizations.\n\n\n\n     4. Section 619 of the Dodd-Frank Act appears in Pub. L. No. 111-203, 124 Stat. 1620-31, and\nis codified at 12 U.S.C. \xc2\xa7 1851. The October 11, 2011, version of the notice of proposed\nrulemaking (NPRM) had not been paginated or formatted for purposes of the Federal Register.\nThe NPRM, \xe2\x80\x9cProhibitions and Restrictions on Proprietary Trading and Certain Interests In, and\nRelationships With, Hedge Funds and Private Equity Funds,\xe2\x80\x9d appeared in the November 7, 2011,\nFederal Register. 76 Fed. Reg. 68846 (Nov. 7, 2011).\n     5. Section 619 amends the Bank Holding Company Act of 1956 by adding a new section 13,\n\xe2\x80\x9cProhibitions on Proprietary Trading and Certain Relationships with Hedge Funds and Private\nEquity Funds.\xe2\x80\x9d\n     6. Proprietary trading refers to trading in stocks or other financial instruments using the\ninstitution\xe2\x80\x99s own funds to profit from short-term price changes.\n     7. Hedge funds refer to investment vehicles that engage in active trading of securities and\nother financial contracts. Private equity funds generally refer to funds that use leverage or other\nmethods to invest in companies or other less liquid investments.\n     8. Former Board Chairman Paul Volcker, while serving as the Chairman of the President\xe2\x80\x99s\nEconomic Recovery Advisory Board, opined that the riskier trading activities of commercial\nbanks and their affiliates contributed to the recent financial crisis. The \xe2\x80\x9cVolcker Rule\xe2\x80\x9d generally\nrefers to separating commercial banking from riskier activities such as proprietary trading and\noperating a hedge fund or engaging in private equity activities.\n\nSemiannual Report to Congress                23                                         April 2012\n\x0cSection 619 required the Board, the FDIC, the OCC, the SEC, and the CFTC\n(collectively, the Agencies) to jointly adopt rules to implement its provisions. As\npart of this joint rulemaking process, Board employees involved in the rulemaking\ndistributed several versions of the NPRM to the Agencies for deliberation,\nincluding a \xe2\x80\x9cconfidential staff draft\xe2\x80\x9d dated September 30, 2011. On October 5,\n2011, American Banker, a banking and financial services media outlet, published\nthis nonpublic, confidential staff draft of the NPRM on its website. We are\nconducting this review to evaluate whether Board and/or Federal Reserve Bank of\nNew York staff had knowledge of, or played a role in, the unauthorized disclosure\nof the confidential staff draft of the NPRM and to assess the Board\xe2\x80\x99s information-\nsharing practices for rulemaking activities. We plan to issue our report during the\nnext semiannual reporting period.\n\nInspection of the Board\xe2\x80\x99s Protective Services Unit\n\nDuring this semiannual reporting period, we completed fieldwork and began\ndrafting our report on an inspection of the Board\xe2\x80\x99s Protective Services Unit, the\norganization that ensures the physical security of the Chairman of the Board of\nGovernors of the Federal Reserve System. The USA Patriot Act of 2001 granted\nthe Board certain federal law enforcement authorities, and the regulations\nimplementing this authority designated the OIG as the external oversight function\nfor the Board\xe2\x80\x99s law enforcement programs. We are performing this inspection to\nfulfill our external oversight function responsibility. The objective of this\ninspection is to provide reasonable assurance that the Protective Services Unit\xe2\x80\x99s\noperations comply with applicable laws, regulations, policies, and procedures and\nalign with law enforcement best practices.\n\nCongressional Request Regarding the Examination Process for Small\nCommunity Banks\n\nDuring this reporting period, we received a letter from the Chairman of the Senate\nCommittee on Banking, Housing, and Urban Affairs requesting that we audit the\nBoard\xe2\x80\x99s examination process for small community banks. Based on the\nChairman\xe2\x80\x99s request, we plan to review (1) the Board\xe2\x80\x99s examination timelines and\nhow the Board ensures consistency in the administration of examinations\nthroughout the Federal Reserve System, (2) the ability of Board-regulated\ninstitutions to question examination results through the Board\xe2\x80\x99s Ombudsman\nprogram or other appeals process, and (3) the frequency and results of\nexamination appeals. We have begun our fieldwork to fulfill this request and plan\nto complete the audit during the next semiannual reporting period.\n\n\n\n\nSemiannual Report to Congress         24                                 April 2012\n\x0cEvaluation of the Board\xe2\x80\x99s Emergency Preparedness for Unexpected Emergency\nEvents\n\nDuring this reporting period, we initiated an evaluation of the Board\xe2\x80\x99s emergency\npreparedness. The objective of this review is to evaluate the Board\xe2\x80\x99s policies and\nprocedures for responding to unexpected emergency events. As part of this effort,\nwe will assess the law enforcement unit\xe2\x80\x99s communication protocols for processing\nand disseminating information to Board staff during such events. We plan to\ncomplete this evaluation in late 2012.\n\n\n\n\nSemiannual Report to Congress        25                                 April 2012\n\x0cInformation on Nonmaterial Losses to the Deposit\nInsurance Fund, as Required by the Dodd-Frank Act\nThe FDI Act, as amended by the Dodd-Frank Act, requires the IG of the\nappropriate federal banking agency to report, on a semiannual basis, certain\ninformation on financial institutions that incurred nonmaterial losses to the DIF\nand that failed during the respective six-month period. As shown in the table\nbelow, one failed state member bank had a loss to the DIF that did not meet the\nmateriality threshold requiring an OIG review, which currently is a loss in excess\nof $150.0 million. This institution had total assets of approximately\n$256.6 million and losses estimated at $75.6 million, or 29.5 percent of total\nassets.\n\nWhen bank failures result in nonmaterial losses to the DIF, the IG is required to\ndetermine (1) the grounds identified by the federal banking agency or the state\nbank supervisor for appointing the FDIC as receiver9 and (2) whether the losses to\nthe DIF present unusual circumstances that would warrant an in-depth review. If\nno unusual circumstances are identified, the IG is required to provide an\nexplanation of its determination.\n\nWe reviewed the state member bank failure to determine whether the resulting\nloss to the DIF exhibited unusual circumstances that would warrant an in-depth\nreview. In general, we considered a loss to the DIF to present unusual\ncircumstances if the conditions associated with the bank\xe2\x80\x99s deterioration, ultimate\nclosure, and supervision were not addressed in any of our prior bank failure\nreports or involved potential fraudulent activity. To make this determination, we\nanalyzed key data from the five-year period preceding the bank\xe2\x80\x99s closure. These\ndata generally comprised Federal Reserve Bank and state examination schedules;\nReports of Examination, including CAMELS ratings and financial data; informal\nand formal enforcement actions and other supervisory activities, such as\nvisitations; and PCA determinations. As shown in the below table, we determined\nthat the state member bank failure did not exhibit unusual circumstances\nwarranting an in-depth review.\n\nNonmaterial State Member Bank Failures during the Reporting Period\n                                                  DIF\n                                                Projected                   OIG Summary of\n                                   Asset size     Loss          Closure     State\xe2\x80\x99s Grounds\n State Member Bank    Location     (millions)   (millions)       Date       for Receivership     OIG Determination\n\nBankEast              Knoxville,    $256.6        $75.6        01/27/2012   Unsound condition          No unusual\n                        TN                                                                        circumstances noted\n\n\n\n\n   9. Typically, the state closes state member banks and appoints the FDIC as receiver.\n\nSemiannual Report to Congress                             26                                    April 2012\n\x0cConsumer Financial Protection Bureau\nThe Dodd-Frank Act established the CFPB as an independent entity within the\nFederal Reserve System and designated our office as the CFPB\xe2\x80\x99s OIG. The\nCFPB\xe2\x80\x99s statutory purpose is to implement and, as applicable, consistently enforce\nfederal consumer financial law to ensure that all consumers have access to\nmarkets for financial products and services and that these markets are fair,\ntransparent, and competitive. On July 21, 2011, certain authorities transferred\nfrom other agencies to the CFPB. The following are highlights of our CFPB-\nrelated oversight activities during the last six months.\n\nCOMPLETED WORK\n\nAudit of the CFPB\xe2\x80\x99s Information Security Program\n\nDuring this reporting period, we completed our initial audit of the CFPB\xe2\x80\x99s\nInformation Security Program and practices. The audit was performed pursuant\nto FISMA, which requires that each agency IG conduct an annual independent\nevaluation of the agency\xe2\x80\x99s Information Security Program and practices.\n\nThe CFPB is relying on the Information Security Program and computer systems\nof Treasury. As part of its 2011 FISMA audit, the Treasury OIG evaluated the\neffectiveness of Treasury\xe2\x80\x99s Information Security Programs, including controls for\n15 systems across Treasury bureaus. One of the systems included in the Treasury\nOIG\xe2\x80\x99s FISMA review was a general support system that the CFPB is relying on\nfor network infrastructure and connectivity to support a number of applications.\nTo meet our annual FISMA reporting responsibilities for the CFPB and avoid\nduplication of effort, we relied on the FISMA work performed by the Treasury\nOIG.\n\nThe Treasury OIG contracted with KPMG LLC, an independent certified public\naccounting firm, to perform its 2011 FISMA audit. Overall, KPMG concluded\nthat Treasury\xe2\x80\x99s Information Security Program and practices for its non-Internal\nRevenue Service bureaus\xe2\x80\x99 unclassified systems were generally consistent with the\nrequirements of FISMA. KPMG noted, however, that \xe2\x80\x9cTreasury\xe2\x80\x99s Information\nSecurity Program was not fully effective,\xe2\x80\x9d as evidenced by control weaknesses\nidentified for various Treasury systems. Treasury can improve the effectiveness\nof its Information Security Program and controls for the general support system\nthat CFPB relies on by strengthening risk management, configuration\nmanagement, and contingency planning controls.\n\nIn comments on a draft of our report, the CFPB CIO stated that the CFPB\ncontinues to leverage certain services provided by Treasury as an interim means\nto maintain operational efficiencies. The CIO also noted that a key component of\nCFPB technology independence is a robust and comprehensive cyber-security\nprogram. The CFPB\xe2\x80\x99s cyber security program is aligned to the risk management\nframework developed by NIST. As a newly established agency, the CFPB is\n\n\n\nSemiannual Report to Congress              27                           April 2012\n\x0cworking steadily to develop and mature its internal functions and processes,\nincluding the many facets of technology management.\n\nONGOING WORK\n\nEvaluation of the CFPB\xe2\x80\x99s Contract Solicitation and Selection Process\n\nThe CFPB established a procurement function and has been contracting for goods\nand services. Accordingly, we are conducting an evaluation of certain aspects of\nthe CFPB\xe2\x80\x99s contracting process. The evaluation objective is to determine whether\nthe CFPB\xe2\x80\x99s contract solicitation and selection processes and practices are\ncompliant with applicable rules established by the Federal Acquisition\nRegulation. During this reporting period, we initiated fieldwork and began\nassessing the CFPB\xe2\x80\x99s contracting activities.\n\nEvaluation of the CFPB\xe2\x80\x99s Consumer Response Center\n\nAs of March 5, 2012, the CFPB\xe2\x80\x99s Consumer Response Center is accepting\ncomplaints regarding credit cards, mortgages, checking accounts, and private\nstudent loans through its website and toll-free number. As part of our office\xe2\x80\x99s\noversight responsibilities, we are assessing several of the Consumer Response\nCenter\xe2\x80\x99s processes. Our objectives are to (1) evaluate the process the CFPB has\nestablished to receive, track, and respond to consumer complaints; (2) assess the\nCFPB\xe2\x80\x99s coordination with federal and state regulatory agencies regarding the\nprocessing and referral of complaints; and (3) determine the extent to which the\nCFPB is assessing its performance when responding to consumer complaints.\n\nEvaluation of the CFPB\xe2\x80\x99s Annual Budget Process\n\nDuring this reporting period, we initiated an evaluation of the CFPB\xe2\x80\x99s annual\nbudget process. As an independent agency within the Federal Reserve System,\nthe CFPB is funded principally by the Federal Reserve System in amounts\ndetermined by the CFPB Director as necessary to carry out the agency\xe2\x80\x99s\noperations, subject to limits established in the Dodd-Frank Act. These transferred\nfunds are not subject to the congressional appropriations process. The CFPB\nprepared and publicly issued budget documents for fiscal years 2012 and 2013. In\nthe CFPB\xe2\x80\x99s 2013 budget justification issued in February 2012, the agency\nestimated budgeted expenses of $356 million in fiscal year 2012 and $448 million\nin fiscal year 2013. We are currently performing an initial scoping effort to\nestablish the specific objectives, scope, and methodology for this evaluation.\n\n2012 Audit Survey of Board and CFPB Controls over Sensitive and Proprietary\nInformation Collected and Exchanged with the FSOC\n\n(See page 22 for a description of this audit survey.)\n\n\n\nSemiannual Report to Congress          28                                April 2012\n\x0cInvestigations\nThe OIG\xe2\x80\x99s Investigations office conducts criminal, civil, and administrative\ninvestigations related to Board and CFPB programs and operations. The OIG\noperates under statutory law enforcement authority granted by the U.S. Attorney\nGeneral, which vests our special agents with the authority to carry firearms, make\narrests without a warrant, seek and execute search and arrest warrants, and seize\nevidence. Our special agents engage in joint task force and other criminal\ninvestigations involving matters such as bank fraud, mortgage fraud, money\nlaundering, and other financially related crimes impacting Board- and CFPB-\nregulated financial institutions. OIG investigations are conducted in compliance\nwith CIGIE\xe2\x80\x99s Quality Standards for Investigations.\n\nINVESTIGATIVE ACTIVITIES\n\nDuring this reporting period, we opened 8 cases, closed 3 cases, and ended the\nperiod with 43 investigations in progress. Due to the sensitivity of these\ninvestigations, we only report on concluded and ongoing activities that have\nresulted in criminal, civil, or administrative action. The following summaries\nhighlight our significant investigative activity during this semiannual reporting\nperiod.\n\nFormer President and Chief Executive Officer of Orion Bank Pleads Guilty to\nBank Fraud Charges\n\nOn February 3, 2012, the president and chief executive officer of Orion Bank,\nNaples, Florida, entered a guilty plea to a criminal information in which he was\ncharged with conspiring to commit bank fraud, misapplying bank funds, making\nfalse entries in the bank\xe2\x80\x99s books and records, and obstructing a bank examination.\nThe charges relate to his role in a scheme to lend $82 million to \xe2\x80\x9cstraw\xe2\x80\x9d\nborrowers acting on behalf of an Orion Bank borrower (hereafter referred to as\nthe initial borrower) who had reached the bank\xe2\x80\x99s legal lending limit.\nAdditionally, the loans concealed $15 million in bank funds to be used for the\npurchase of Orion stock by the initial borrower, in violation of banking laws and\nregulations. Orion Bank proceeded to fund the loan transactions even though\nbank executives, including the president, became aware prior to loan closing that\nthe initial borrower\xe2\x80\x99s entire loan relationship was based on fraudulent financial\ndocuments.\n\nIn 2009, Orion Bank was in danger of being declared critically undercapitalized\nby the Board. The president indicated that the bank was in the process of raising\n$75 million in additional capital. After unsuccessful attempts to raise capital\nconventionally, he and the other co-conspirators developed a scheme to increase\nloans in process to the initial borrower and another borrower to provide financing\nfor the purchase of bank stock. The president took this action despite knowing\nthat such loans were prohibited by banking laws and regulations. He directed that\n$82 million in additional loans be made to straw borrowers acting for the initial\nborrower. He directed Orion Bank staff to continue with the loans to the initial\n\n\nSemiannual Report to Congress                29                             April 2012\n\x0cborrower, despite learning prior to closing the loans that the initial borrower\xe2\x80\x99s\nentire relationship with the bank, which was in excess of $40 million, was based\non fraudulent financial documents. Based on agreements with the president, the\ninitial borrower purchased $15 million of Orion Bancorp, Inc. stock, and the\nsecond borrower purchased $10 million in stock, in violation of banking laws and\nregulations. Following the illegal stock transactions, the president repeatedly lied\nto the bank\xe2\x80\x99s regulators regarding the source of the capital infusion. During the\ncourse of the scheme, the president also sold more than $750,000 of his personal\nbank stock to other investors under false pretenses.\n\nThe president is scheduled to be sentenced on May 15, 2012, and is facing a\nmaximum of 15 years in prison. In addition, two senior loan officers are currently\nserving 24 and 30 months, respectively, for their roles in the conspiracy and were\nordered to jointly and severally pay $33,512,618 in restitution. Additionally, the\ninitial borrower is currently serving 65 months in prison and was ordered to pay\n$65,214,419 in restitution.\n\nThis was a joint investigation by the FBI, the Internal Revenue Service\xe2\x80\x93Criminal\nInvestigation, the FDIC OIG, SIGTARP, and the Board\xe2\x80\x99s OIG. The case was\nprosecuted by the U.S. Attorney\xe2\x80\x99s Office for the Middle District of Florida.\n\nTwo Former Officials of United Commercial Bank Indicted on Securities\nFraud Charges and Guilty Plea Entered by a Former Employee\n\nOn September 15, 2011, a former executive vice president and a former senior\nvice president of United Commercial Bank (UCB) were indicted on charges of\nconspiracy to commit securities fraud, security fraud, falsifying corporate books\nand records, and lying to auditors. In addition, on October 13, 2011, the guilty\nplea of a former UCB employee who admitted to charges of conspiracy to commit\nsecurities fraud was unsealed. UCB was a subsidiary of United Commercial Bank\nHoldings, Inc., which was a Board-regulated holding company whose shares were\nregistered with the SEC and were traded on the Nasdaq. The OIG initiated this\ninvestigation at the request of the FBI and the U.S. Attorney\xe2\x80\x99s Office for the\nNorthern District of California.\n\nAccording to the indictment, from 2004 through 2007, UCB\xe2\x80\x99s loan portfolio\nincreased from approximately $4.4 billion to more than $8.0 billion. By\nSeptember 2008, the bank\xe2\x80\x99s portfolio faced growing losses. The indictment\nalleges that, beginning in approximately September 2008, the former executive\nvice president and the former senior vice president participated in a fraudulent\nscheme to hide the bank\xe2\x80\x99s true financial condition from the regulators,\nindependent auditors, investors, and depositors.\n\nIn May 2009, UCB announced that the financial statements contained in its\nMarch 16, 2009, SEC Form 10-K were unreliable and that UCB intended to\nrestate them. However, prior to the restatement of the financial statements, UCB\n\n\nSemiannual Report to Congress         30                                   April 2012\n\x0cfailed in November 2009, and the FDIC was appointed the receiver. The\nindictment states that the FDIC paid out approximately $397 million and\nestimates total losses to the FDIC will be approximately $2.5 billion. In addition,\nthe indictment reported that UCB received $298 million in TARP funds in\nNovember 2008. To date, none of the TARP funds have been repaid.\n\nThe indictment charges that the defendants and others caused the bank to issue\nmaterially false and misleading public statements and reports regarding its year-\nend financial condition and performance in, among other things, a January 22,\n2009, press release; an earnings call held on January 23, 2009; and an annual\nreport (SEC Form 10-K) filed on March 16, 2009.\n\nThis investigation is being worked jointly by the FBI, SIGTARP, the FDIC OIG,\nand the Board\xe2\x80\x99s OIG.\n\nTwelve Individuals Arrested in Connection with Money Laundering Case\n\nThe OIG initiated this investigation based on a request from the U.S. Attorney\xe2\x80\x99s\nOffice for the District of South Carolina. The OIG\xe2\x80\x99s investigation revealed that\nseveral individuals were engaged in money laundering and bank fraud at Federal\nReserve\xe2\x80\x93regulated institutions. The investigation also revealed that these\nindividuals were operating unregistered money service businesses; a trucking\ncompany; and convenience stores in the Charleston, South Carolina, metro\narea. The individuals fraudulently obtained and misused social security numbers,\nutilized business and personal financial accounts to send and receive domestic and\noverseas wires, utilized unregistered money service businesses to wire an\nundetermined amount of U.S. currency via Western Union to domestic and\ninternational accounts, structured deposits with multiple financial institutions, and\nmade numerous false statements on various federal and state documents.\n\nIn June 2011, the OIG\xe2\x80\x99s investigation was merged with an ongoing Bureau of\nAlcohol, Tobacco, Firearms, and Explosives investigation involving illegal\ncigarette sales. On December 5, 2011, 12 individuals were arrested in a money\nlaundering and a cigarette trafficking scheme spanning several states. These 12\nindividuals were simultaneously arrested in North Carolina, South Carolina, and\nNew York. Concurrent with the arrests, several search warrants were also\nexecuted, resulting in the seizure of approximately $1.5 million in cash, 29\nvehicles, and several businesses and residences.\n\nThis is a joint investigation by the Bureau of Alcohol, Tobacco, Firearms, and\nExplosives; the Internal Revenue Service\xe2\x80\x93Criminal Investigation; the U.S.\nDiplomatic Security Service; the Charlotte Mecklenburg Police Department; the\nTreasury OIG; and the Board\xe2\x80\x99s OIG.\n\n\n\n\nSemiannual Report to Congress          31                                  April 2012\n\x0cIndividual Sentenced in Maryland Mortgage Fraud Task Force Investigation\n\nAs part of the Maryland Mortgage Fraud Task Force, the OIG initiated an\ninvestigation of an alleged mortgage fraud scheme. The investigation disclosed\nthat between June and September 2007, three subjects conspired to commit a\nmortgage fraud scheme that netted more than $1.2 million from three federally\nregulated financial institutions. Specifically, the subjects submitted false\nmortgage applications for three properties that included false certifications of\noccupancy and inflated income. Each of the properties went into foreclosure or\nshort sale, resulting in a total loss to the banks of $859,191.\n\nOn March 12, 2012, a Maryland woman was sentenced to six months of\nincarceration to be followed by three years of supervised release, with the first six\nmonths to be served under home detention, for conspiracy to commit wire fraud.\nThis subject was ordered to jointly and severally pay restitution of $859,191 with\ntwo other previously sentenced subjects until the debt is satisfied.\n\nThis was a joint investigation by the FBI and the Board\xe2\x80\x99s OIG. The case was\nprosecuted by the U.S. Attorney\xe2\x80\x99s Office for the District of Maryland, Southern\nDivision.\n\nINVESTIGATIVE STATISTICS\n\nSummary Statistics on Investigations during the Reporting Perioda\n                              Investigative Actions                           Number\n Investigative Caseload\n    Investigations Open at End of Previous Reporting Period                    38\n    Investigations Opened during Reporting Period                               8\n    Investigations Closed during Reporting Period                               3\n    Total Investigations Open at End of Reporting Period                       43\n Investigative Results for Reporting Period\n    Referred to Prosecutor                                                       8\n    Joint Investigations                                                        39\n    Referred for Audit                                                           0\n    Referred for Administrative Action                                           1\n    Oral and/or Written Reprimands                                               0\n    Terminations of Employment                                                   0\n    Arrests                                                                     15\n    Suspensions                                                                  0\n    Debarments                                                                   0\n    Indictments                                                                 14\n    Criminal Information                                                         1\n    Convictions                                                                  2\n    Monetary Recoveries                                                         $0\n    Civil Actions (Fines and Restitution)                                       $0\n    Criminal Fines, Restitution, and Forfeitures                       $66,074,082\n\n   a. Some of the investigative numbers may include data also captured by other OIGs.\n\n\n\n\nSemiannual Report to Congress                        32                                April 2012\n\x0cHOTLINE ACTIVITIES\n\nTo report fraud, waste, abuse, or mismanagement related to the programs or\noperations of the Board or the CFPB, individuals may contact the OIG Hotline by\nmail, telephone, fax, or e-mail. Hotline staff analyzes all incoming complaints\nand, as appropriate, coordinates with OIG and/or other federal staff. During this\nreporting period, the Hotline received 280 complaints, a 55 percent increase from\nthe previous reporting period.\n\nThe OIG Hotline received an increasing number of complaints from individuals\nseeking information about or wanting to file non-criminal consumer complaints\nagainst financial institutions. Hotline staff analyzes these complaints and\ntypically refers the complainant to the consumer group of the appropriate federal\nregulator for the institution involved, such as the Federal Reserve Consumer Help\nunit or the Customer Assistance Group of the OCC. Beginning in July 2011, the\nCFPB\xe2\x80\x99s Consumer Response group began accepting credit card complaints from\nconsumers. Since then, the group has expanded to accept complaints about\nmortgages and other bank products and services. As appropriate, Hotline staff\nrefers individuals to the CFPB\xe2\x80\x99s Consumer Response group for assistance.\n\nThe OIG Hotline continued to receive a significant number of complaints\ninvolving suspicious solicitations invoking the Federal Reserve name. During\nthis reporting period, the OIG Hotline posted information on its public website to\neducate people about spam e-mails claiming to be from the Federal Reserve. We\nhave received positive feedback from individuals regarding this posting. Hotline\nstaff continues to advise all individuals that these spam e-mails are solicitations\nthat attempt to obtain the personal and/or financial information of the recipient\nand that neither the Board nor the Federal Reserve Banks endorse or have any\ninvolvement in them. As appropriate, the OIG may investigate these complaints.\n\nDuring this reporting period, Hotline staff began presenting information about the\nOIG and its Hotline to new employees of the Board and the CFPB at the agencies\xe2\x80\x99\nnew employee orientations. Hotline staff will continue these presentations to\npromote the mission and values of the OIG.\n\nHOTLINE STATISTICS\n\nSummary Statistics on Hotline Activities during the Reporting Period\n           Hotline Complaints                                    Number\n\n Complaints Pending from Previous Reporting Period                   2\n Complaints Received during Reporting Period                       280\n Total Complaints for Reporting Period                             282\n\n Complaints Resolved during Reporting Period                       274\n Complaints Pending                                                  8\n\n\n\n\nSemiannual Report to Congress                        33                   April 2012\n\x0cLegal Services\nThe Legal Services program serves as the independent legal counsel to the IG and\nthe OIG staff. The Legal Services staff provides comprehensive legal advice,\nresearch, counseling, analysis, and representation in support of OIG audits,\ninvestigations, inspections, evaluations, and other professional, management, and\nadministrative functions. This work provides the legal basis for the conclusions,\nfindings, and recommendations contained within OIG reports. Moreover, Legal\nServices keeps the IG and the OIG staff aware of recent legal developments that\nmay affect the activities of the OIG, the Board, and the CFPB.\n\nIn accordance with section 4(a)(2) of the IG Act, the Legal Services staff conducts\nan independent review of newly enacted and proposed legislation and regulations\nto determine their potential effect on the economy and efficiency of the Board\xe2\x80\x99s\nand the CFPB\xe2\x80\x99s programs and operations. During this reporting period, Legal\nServices reviewed 22 legislative and 11 regulatory items.\n\n\n\n\nSemiannual Report to Congress                34                          April 2012\n\x0cCommunications and Coordination\nWhile the OIG\xe2\x80\x99s primary mission is to enhance the economy, efficiency, and\neffectiveness of Board and CFPB programs and operations, we also coordinate\nexternally and work internally to achieve our goals and objectives. Externally, we\nregularly coordinate with and provide information to Congress and congressional\nstaff. We also are active members of the broader IG professional community and\npromote collaboration on shared concerns. Internally, we consistently strive to\nenhance and maximize efficiency and transparency in our infrastructure and\nday-to-day operations. Within the Board, the CFPB, and the Federal Reserve\nSystem, we continue to provide information about the OIG\xe2\x80\x99s roles and\nresponsibilities. In addition, we participate in an advisory capacity on various\nBoard work groups. Highlights of these activities follow.\n\nCongressional Coordination and Testimony\n\nThe OIG communicates and coordinates with various congressional committees\non issues of mutual interest. During the reporting period, we provided 23\nresponses to congressional members and staff concerning the Board and the\nCFPB.\n\nCouncil of Inspectors General on Financial Oversight\n\nConsistent with the Dodd-Frank Act, CIGFO is required to meet at least quarterly\nto facilitate the sharing of information among the IGs and to discuss the ongoing\nwork of each IG, with a focus on concerns that may apply to the broader financial\nsector and ways to improve financial oversight. During this reporting period,\nCIGFO met on December 8, 2011, and March 30, 2012. The Treasury IG chairs\nCIGFO. The Dodd-Frank Act authorizes CIGFO, by a majority vote, to convene\na Working Group to evaluate the effectiveness and internal operations of FSOC.\nAs discussed on page 22, we are currently working on an audit survey examining\nthe controls and protocols that FSOC and its member agencies have implemented\nto properly safeguard sensitive FSOC-related information. To accomplish this\nobjective, we will determine the controls and protocols that have been established\nby the Board and the CFPB to manage sensitive and proprietary FSOC-related\ninformation. CIGFO will prepare a consolidated report containing the results of\nthe respective IG members.\n\nIn addition, CIGFO is required to annually issue a report that highlights the IGs\xe2\x80\x99\nconcerns and recommendations, as well as issues that may apply to the broader\nfinancial sector. CIGFO issued its first annual report on July 21, 2011, and is\ncurrently working on its second annual report.\n\nCouncil of the Inspectors General on Integrity and Efficiency and IG\nCommunity Involvement\n\nThe IG serves as a member of CIGIE, which provides a forum for IGs from\nvarious government agencies to discuss governmentwide issues and shared\n\nSemiannual Report to Congress           35                                April 2012\n\x0cconcerns. Collectively, the members of CIGIE help improve government\nprograms and operations. The IG also serves as a member of CIGIE\xe2\x80\x99s Legislation\nCommittee and Inspection and Evaluation Committee, and he leads the\nInformation Technology Subcommittee of the Legislation Committee. The\nLegislation Committee is the central point of information regarding legislative\ninitiatives and congressional activities that may affect the community, such as\nproposed cybersecurity legislation that was reviewed during the reporting period.\nThe Inspection and Evaluation Committee provides leadership for the inspection\nand evaluation community\xe2\x80\x99s efforts to improve agency program effectiveness by\nmaintaining professional standards; leading the development of protocols for\nreviewing management issues that cut across departments and agencies;\npromoting the use of advanced program evaluation techniques; and fostering\nawareness of evaluation and inspection practices in OIGs.\n\nThe Associate IG for Legal Services serves as the Vice Chair of the Council of\nCounsels to the IG, and her staff attorneys are members of the council. In\naddition, the Associate IG for Audits and Attestations serves as chair of the IT\nCommittee of the Federal Audit Executive Council and works with audit staff\nthroughout the IG community on common IT audit issues.\n\nFinancial Regulatory Coordination\n\nTo foster cooperation on issues of mutual interest, including issues related to the\ncurrent financial crisis, the IG meets periodically with the IGs from other federal\nfinancial regulatory agencies: the FDIC, Treasury, the NCUA, the SEC, the Farm\nCredit Administration, the CFTC, the Pension Benefit Guaranty Corporation (PBGC),\nthe Export-Import Bank, and the FHFA. In addition, the Associate IG for Audits and\nAttestations and the Associate IG for Inspections and Evaluations meet with their\nfinancial regulatory agency OIG counterparts to discuss various topics, including\nbank failure material loss review best practices, annual plans, and ongoing projects.\nWe also coordinate with the Government Accountability Office regarding financial\nregulatory and other related issues.\n\n\n\n\nSemiannual Report to Congress           36                                April 2012\n\x0cAppendixes\n\x0c\x0cAppendix 1a\nAudit, Inspection, and Evaluation Reports Issued to the Board with\nQuestioned Costs during the Reporting Perioda\n                                       Reports                                              Number          Dollar Value\n\n For which no management decision had been made by the commencement of the                      0                 $0\n    reporting period\n\n That were issued during the reporting period                                                   0                 $0\n\n For which a management decision was made during the reporting period                           0                 $0\n\n  (i)    dollar value of recommendations that were agreed to by management                       0                $0\n\n  (ii)   dollar value of recommendations that were not agreed to by management                  0                 $0\n\n For which no management decision had been made by the end of the reporting period              0                 $0\n\n For which no management decision was made within six months of issuance                        0                 $0\n\n  a. Because the Board is primarily a regulatory and policymaking agency, our recommendations typically focus on\nprogram effectiveness and efficiency, as well as strengthening internal controls. As such, the monetary benefit associated\nwith their implementation typically is not readily quantifiable.\n\n\n\n\n_______________________________________________________________________________\nSemiannual Report to Congress          39                             April 2012\n\x0cAppendix 1b\nAudit, Inspection, and Evaluation Reports Issued to the CFPB with\nQuestioned Costs during the Reporting Perioda\n                                       Reports                                              Number          Dollar Value\n\n For which no management decision had been made by the commencement of the                      0                 $0\n    reporting period\n\n That were issued during the reporting period                                                   0                 $0\n\n For which a management decision was made during the reporting period                           0                 $0\n\n  (i)    dollar value of recommendations that were agreed to by management                       0                $0\n\n  (ii)   dollar value of recommendations that were not agreed to by management                  0                 $0\n\n For which no management decision had been made by the end of the reporting period              0                 $0\n\n For which no management decision was made within six months of issuance                        0                 $0\n\n  a. Because the CFPB is primarily a regulatory and policymaking agency, our recommendations typically focus on\nprogram effectiveness and efficiency, as well as strengthening internal controls. As such, the monetary benefit associated\nwith their implementation typically is not readily quantifiable.\n\n\n\n\n_______________________________________________________________________________\nSemiannual Report to Congress          40                             April 2012\n\x0cAppendix 2a\nAudit, Inspection, and Evaluation Reports Issued to the Board with\nRecommendations that Funds Be Put to Better Use during the Reporting\nPerioda\n                                       Reports                                              Number          Dollar Value\n\n For which no management decision had been made by the commencement of the                      0                 $0\n    reporting period\n\n That were issued during the reporting period                                                   0                 $0\n\n For which a management decision was made during the reporting period                           0                 $0\n\n  (i)    dollar value of recommendations that were agreed to by management                       0                $0\n\n  (ii)   dollar value of recommendations that were not agreed to by management                  0                 $0\n\n For which no management decision had been made by the end of the reporting period              0                 $0\n\n For which no management decision was made within six months of issuance                        0                 $0\n\n  a. Because the Board is primarily a regulatory and policymaking agency, our recommendations typically focus on\nprogram effectiveness and efficiency, as well as strengthening internal controls. As such, the monetary benefit associated\nwith their implementation typically is not readily quantifiable.\n\n\n\n\n_______________________________________________________________________________\nSemiannual Report to Congress          41                             April 2012\n\x0cAppendix 2b\nAudit, Inspection, and Evaluation Reports Issued to the CFPB with\nRecommendations that Funds Be Put to Better Use during the Reporting\nPerioda\n                                       Reports                                              Number          Dollar Value\n\n For which no management decision had been made by the commencement of the                      0                 $0\n    reporting period\n\n That were issued during the reporting period                                                   0                 $0\n\n For which a management decision was made during the reporting period                           0                 $0\n\n  (i)    dollar value of recommendations that were agreed to by management                      0                 $0\n\n  (ii)   dollar value of recommendations that were not agreed to by management                  0                 $0\n\n For which no management decision had been made by the end of the reporting period              0                 $0\n\n For which no management decision was made within six months of issuance                        0                 $0\n\n  a. Because the CFPB is primarily a regulatory and policymaking agency, our recommendations typically focus on\nprogram effectiveness and efficiency, as well as strengthening internal controls. As such, the monetary benefit associated\nwith their implementation typically is not readily quantifiable.\n\n\n\n\n_______________________________________________________________________________\nSemiannual Report to Congress          42                             April 2012\n\x0cAppendix 3a\nOIG Reports to the Board with Recommendations that Were Open during\nthe Reporting Perioda\n                                                                             Recommendations               Status of Recommendations\n\n                                                           Issue                  Mgmt.       Mgmt.    Last Follow-up\n                     Report Title                          Date        No.        Agrees     Disagrees      Date      Closed Open\n\n Evaluation of Service Credit Computations                 08/05         3           3            \xe2\x80\x93            03/07           1    2\n\n Security Control Review of the Central Document           10/06       16           16            \xe2\x80\x93            03/12          16    \xe2\x80\x93\n   and Text Repository System (Nonpublic Report)\n\n Audit of the Board\xe2\x80\x99s Payroll Process                      12/06         7           7            \xe2\x80\x93            03/10           3    4\n\n Security Control Review of the Internet Electronic        02/07       13           13            \xe2\x80\x93            09/09          12    1\n   Submission System (Nonpublic Report)\n\n Audit of the Board\xe2\x80\x99s Compliance with Overtime             03/07         2           2            \xe2\x80\x93            03/08           1    1\n   Requirements of the Fair Labor Standards Act\n\n Security Control Review of the FISMA Assets               09/08       11           11            \xe2\x80\x93            09/11          10    1\n   Maintained by FRB Boston (Nonpublic Report)\n\n Evaluation of Data Flows for Board Employee Data          09/08         2           2            \xe2\x80\x93            03/11           1    1\n   Received by OEB and its Contractors (Nonpublic\n   Report)\n\n Audit of the Board\xe2\x80\x99s Information Security Program         09/08         2           2            \xe2\x80\x93            11/11           2    \xe2\x80\x93\n\n Control Review of the Board\xe2\x80\x99s Currency                    09/08         6           6            \xe2\x80\x93            03/10           5    1\n   Expenditures and Assessments\n\n Audit of Blackberry and Cell Phone Internal Controls      03/09         3           3            \xe2\x80\x93            09/11           2    1\n\n Security Control Review of the Audit Logging              03/09         4           4            \xe2\x80\x93            09/11           3    1\n   Provided by the Information Technology General\n   Support System (Nonpublic Report)\n\n Audit of the Board\xe2\x80\x99s Processing of Applications for       09/09         2           2            \xe2\x80\x93            03/12           2    \xe2\x80\x93\n   the Capital Purchase Program under the Troubled\n   Asset Relief Program\n\n Audit of the Board\xe2\x80\x99s Information Security Program         11/09         4           4            \xe2\x80\x93            11/11           4    \xe2\x80\x93\n\n Security Control Review of the Lotus Notes and            06/10       10           10            \xe2\x80\x93              \xe2\x80\x93             \xe2\x80\x93   10\n   Lotus Domino Infrastructure (Nonpublic Report)\n\n Audit of the Board\xe2\x80\x99s Information Security Program         11/10         3           3            \xe2\x80\x93            11/11           3    \xe2\x80\x93\n\n Security Control Review of the Internet Electronic        12/10         6           6            \xe2\x80\x93              \xe2\x80\x93             \xe2\x80\x93    6\n   Submission System (Nonpublic Report)\n\n Audit of the Board\xe2\x80\x99s Transportation Subsidy               03/11         3           3            \xe2\x80\x93              \xe2\x80\x93             \xe2\x80\x93    3\n   Program\n\n Response to a Congressional Request Regarding the         06/11         2           2            \xe2\x80\x93              \xe2\x80\x93             \xe2\x80\x93    2\n   Economic Analysis Associated with Specified\n   Rulemakings\n\n   a. A recommendation is closed if (1) the corrective action has been taken; (2) the recommendation is no longer applicable; or (3) the\nappropriate oversight committee or administrator has determined, after reviewing the position of the OIG and division management, that\nno further action by the agency is warranted. A recommendation is open if (1) division management agrees with the recommendation\nand is in the process of taking corrective action, or (2) division management disagrees with the recommendation and we have referred or\nare referring it to the appropriate oversight committee or administrator for a final decision.\n\n\n\n\nSemiannual Report to Congress                                43                                              April 2012\n\x0cAppendix 3a\xe2\x80\x94continued\nOIG Reports to the Board with Recommendations that Were Open during\nthe Reporting Period\n                                                                         Recommendations         Status of Recommendations\n\n                                                       Issue                 Mgmt.     Mgmt.    Last Follow-up\n                    Report Title                       Date        No.       Agrees   Disagrees      Date      Closed Open\n\n Review of the Failure of Pierce Commercial Bank       09/11         2           2         \xe2\x80\x93          \xe2\x80\x93           \xe2\x80\x93    2\n\n Security Control Review of the Visitor Registration   09/11        10          10         \xe2\x80\x93          \xe2\x80\x93           \xe2\x80\x93   10\n   System (Nonpublic Report)\n\n Audit of the Board\xe2\x80\x99s Implementation of the            09/11         1           1         \xe2\x80\x93        12/11         1    \xe2\x80\x93\n   Dodd-Frank Wall Street Reform and Consumer\n   Protection Act\n\n Summary Analysis of Failed Bank Reviews               09/11         3           3         \xe2\x80\x93          \xe2\x80\x93           \xe2\x80\x93    3\n\n Evaluation of Prompt Regulatory Action                09/11        1b           1         \xe2\x80\x93          \xe2\x80\x93           \xe2\x80\x93    1\n   Implementation\n\n Audit of the Board\xe2\x80\x99s Information Security Program     11/11         1           1         \xe2\x80\x93          \xe2\x80\x93           \xe2\x80\x93    1\n\n Review of RBOPS\xe2\x80\x99 Oversight of the Next                01/12         2           2         \xe2\x80\x93          \xe2\x80\x93           \xe2\x80\x93    2\n   Generation $100 Note\n\n Security Control Review of the National Remote        03/12         8           8         \xe2\x80\x93          \xe2\x80\x93           \xe2\x80\x93    8\n   Access Services System (Nonpublic Report)\n\n   b. This recommendation was directed jointly to the OCC, the FDIC, and the Board.\n\n\n\n\nSemiannual Report to Congress                             44                                       April 2012\n\x0cAppendix 3b\nOIG Reports to the CFPB with Recommendations that Were Open during the\nReporting Period\n                                               Recommendations         Status of Recommendations\n\n                                 Issue             Mgmt.     Mgmt.    Last Follow-up\n                 Report Title    Date    No.       Agrees   Disagrees      Date      Closed Open\n\n None with OIG recommendations\n\n\n\n\nSemiannual Report to Congress       45                                   April 2012\n\x0cAppendix 4a\nAudit, Inspection, and Evaluation Reports Issued to the Board during the\nReporting Period\n                                          Title                                                   Type of Report\n\n Reviews of Bank Failures\n\n   Material Loss Review of Park Avenue Bank                                                          Evaluation\n\n   Review of the Failure of Legacy Bank                                                              Evaluation\n\n   Material Loss Review of First Chicago Bank and Trust                                              Evaluation\n\n Information Technology Audits\n\n   Audit of the Board\xe2\x80\x99s Information Security Program                                                   Audit\n\n   Security Control Review of the National Remote Access Services System (Nonpublic Report)            Audit\n\n Program Audits and Evaluations\n\n   Review of RBOPS\xe2\x80\x99 Oversight of the Next Generation $100 Note                                       Evaluation\n\n   Audit of the Board of Governors of the Federal System Financial Statements as of and for the        Audit\n   Years Ended December 31, 2011 and 2010\n   Audit of the Federal Financial Institutions Examination Council Financial Statements as of          Audit\n   and for the Years Ended December 31, 2011 and 2010\n   Status of the Transfer of Office of Thrift Supervision Functions                                  Evaluation\n\n   Inquiry into Allegations of Undue Political Interference with Federal Reserve Officials           Evaluation\n   Related to the 1972 Watergate Burglary and Iraq Weapons Purchases during the 1980s\n\n\nTotal Number of Audit Reports: 4\nTotal Number of Inspection and Evaluation Reports: 6\n\nFull copies of the public reports are available on our website at\nhttp://www.federalreserve.gov/oig/default.htm\n\n\n\n\nSemiannual Report to Congress                                46                                        April 2012\n\x0cAppendix 4b\nAudit, Inspection, and Evaluation Reports Issued to the CFPB during the\nReporting Period\n                                        Title                                            Type of Report\n\n Information Technology Audits\n\n   Audit of the Bureau of Consumer Financial Protection\xe2\x80\x99s Information Security Program        Audit\n\n\n\n\nTotal Number of Audit Reports: 1\nTotal Number of Inspection and Evaluation Reports: 0\n\nFull copies of the public reports are available on our website at\nhttp://www.federalreserve.gov/oig/default.htm\n\n\n\n\nSemiannual Report to Congress                             47                                 April 2012\n\x0cAppendix 5\nOIG Peer Reviews\n\nGovernment auditing and investigative standards require that our audit and\ninvestigative units each be reviewed by a peer OIG organization every three\nyears. Section 989C of the Dodd-Frank Act amended the IG Act to require that\nOIGs provide in their semiannual reports to Congress specified information\nregarding (1) peer reviews of their respective organizations and (2) peer reviews\nthey have conducted of other OIGs. The following information addresses these\nDodd-Frank Act requirements.\n\n    \xef\x82\xb7    During the reporting period, the PBGC OIG completed its peer review of\n         our audit organization\xe2\x80\x99s quality control system in place for the period\n         April 1, 2010, through March 31, 2011. The review focused on whether\n         our system of quality control was suitably designed and whether we were\n         complying with the quality control system, in order to provide us with\n         reasonable assurance of conforming with applicable professional\n         standards. The PBGC OIG review concluded that the system of quality\n         control for our audit organization in effect for the one-year period ended\n         March 31, 2011, was suitably designed and complied with to provide us\n         with reasonable assurance of performing and reporting in conformity\n         with applicable professional standards in all material respects. Federal\n         audit organizations can receive a rating of pass, pass with deficiencies, or\n         fail. The PBGC OIG assigned a peer review rating of pass for the period\n         reviewed. There were no report recommendations, nor were any peer\n         review recommendations pending from any previous peer reviews of our\n         audit organization. We provided copies of the peer review report to the\n         appropriate entities.\n\n    \xef\x82\xb7    The last peer review of the OIG\xe2\x80\x99s Investigations program was completed\n         in March 2008 by the U.S. Government Printing Office OIG. No\n         recommendations from this or any prior peer reviews are pending. On\n         June 9, 2010, the U.S. Attorney General approved the OIG\xe2\x80\x99s request to\n         exercise statutory law enforcement authority. As a result and in\n         accordance with Attorney General guidelines, Investigations\xe2\x80\x99 next peer\n         review is due three years from the date of receiving statutory law\n         enforcement authority.\n\n    \xef\x82\xb7    Our audit staff began preparations for conducting a peer review of the\n         Office of Personnel Management\xe2\x80\x99s audit organization. We anticipate\n         issuing our report during the next reporting period.\n\nCopies of our peer review reports are available on our website at\nhttp://www.federalreserve.gov/oig/peer review reports.htm.\n\n\n\nSemiannual Report to Congress              48                               April 2012\n\x0cAppendix 6\nCross-References to the IG Act\nIndexed below are the reporting requirements prescribed by the IG Act with\nthe contents of this report.\n      Section                                             Source                                  Page(s)\n\n4(a)(2)           Review of legislation and regulations                                             34\n\n5(a)(1)           Significant problems, abuses, and deficiencies                                   None\n\n5(a)(2)           Recommendations with respect to significant problems                             None\n\n5(a)(3)           Significant recommendations described in previous semiannual reports on which    None\n                  corrective action has not been completed\n\n5(a)(4)           Matters referred to prosecutorial authorities                                     32\n\n5(a)(5);6(b)(2)   Summary of instances where information was refused                               None\n\n5(a)(6)           List of audit, inspection, and evaluation reports                               46-47\n\n5(a)(7)           Summary of particularly significant reports                                      None\n\n5(a)(8)           Statistical table of questioned costs                                           39-40\n\n5(a)(9)           Statistical table of recommendations that funds be put to better use            41-42\n\n5(a)(10)          Summary of audit, inspection, and evaluation reports issued before the           None\n                  commencement of the reporting period for which no management decision has\n                  been made\n\n5(a)(11)          Significant revised management decisions made during the reporting period        None\n\n5(a)(12)          Significant management decisions with which the Inspector General is in          None\n                  disagreement\n\n5(a)(14), (15),   Peer review summary                                                               48\n and (16)\n\n\n\n\nSemiannual Report to Congress                               49                                     April 2012\n\x0c\x0cTable of Acronyms and Abbreviations\n BEP                 Bureau of Engraving and Printing\n Board               Board of Governors of the Federal Reserve System\n BS&R                Division of Banking Supervision and Regulation\n CFPB                Consumer Financial Protection Bureau\n CFTC                Commodity Futures Trading Commission\n CIGFO               Council of Inspectors General on Financial Oversight\n CIGIE               Council of the Inspectors General on Integrity and Efficiency\n CIO                 Chief Information Officer\n CLD                 Construction, Land, and Land Development\n CRE                 Commercial Real Estate\n\n DIF                 Deposit Insurance Fund\n Dodd-Frank Act      Dodd-Frank Wall Street Reform and Consumer Protection Act\n FBI                 Federal Bureau of Investigation\n\n FDI Act             Federal Deposit Insurance Act\n FDIC                Federal Deposit Insurance Corporation\n FFIEC               Federal Financial Institutions Examination Council\n\n FHFA                Federal Housing Finance Agency\n First Chicago       First Chicago Bank and Trust\n FISMA               Federal Information Security Management Act of 2002\n FRB Atlanta         Federal Reserve Bank of Atlanta\n\n FRB Chicago         Federal Reserve Bank of Chicago\n FSOC                Financial Stability Oversight Council\n IG                  Inspector General\n IG Act              Inspector General Act of 1978, as amended\n ISO                 Information Security Officer\n IT                  Information Technology\n Legacy              Legacy Bank\n MOU                 Memorandum of Understanding\n NCUA                National Credit Union Administration\n NIST                National Institute of Standards and Technology\n NPRM                Notice of Proposed Rulemaking\n\n\n\n\nSemiannual Report to Congress                    51                                  April 2012\n\x0cTable of Acronyms and Abbreviations\n NRAS                National Remote Access Services\n NXG                 Next Generation\n OCC                 Office of the Comptroller of the Currency\n OEB                 Office of Employee Benefits\n OIG                 Office of Inspector General\n OMB                 Office of Management and Budget\n OTS                 Office of Thrift Supervision\n Park Avenue         The Park Avenue Bank\n PBGC                Pension Benefit Guaranty Corporation\n PCA                 Prompt Corrective Action\n\n Pubweb              Public Website\n RBOPS               Division of Reserve Bank Operations and Payment Systems\n SEC                 Securities and Exchange Commission\n\n SIGTARP             Special Inspector General for the Troubled Asset Relief Program\n SP 800-53           Special Publication 800-53, Recommended Security Controls for Federal\n                     Information Systems and Organizations\n SR Letter 07-01     Supervision and Regulation Letter 07-01, Interagency Guidance on\n                     Concentrations in Commercial Real Estate Lending, Sound Risk\n                     Management Practices\n TARP                Troubled Asset Relief Program\n\n Treasury            U.S. Department of the Treasury\n UCB                 United Commercial Bank\n\n\n\n\nSemiannual Report to Congress                   52                                 April 2012\n\x0cReport: Fraud, Waste, Abuse, or Mismanagement\n             Inspector General Hotline\n                         (800) 827-3340\n                         (202) 452-6400\n\n\n               You may also mail a complaint to\n                  Office of Inspector General\n       Board of Governors of the Federal Reserve System\n             20th St. and Constitution Ave., N.W.\n                       Mail Stop K-300\n                   Washington, D.C. 20551\n                         Attn: Hotline\n\n                          or e-mail\n                      OIGHotline@frb.gov\n\n     To learn more about the OIG, please visit our website at\n               http://www.federalreserve.gov/oig\n\x0c\x0c\x0c'